Resource not found
" - ).html_safe, layout: 'application' end def about @@ -16,30 +15,26 @@ def about @title = "About" render action: "about" rescue ActionView::MissingTemplate - render layout: 'application', html: ("You have zero privacy anyway. Get over it.
Scott McNealy
- HTML - end + HTML end end diff --git a/benchmarks/lobsters/app/controllers/application_controller.rb b/benchmarks/lobsters/app/controllers/application_controller.rb index 0ec9bfcb..fd0e183f 100644 --- a/benchmarks/lobsters/app/controllers/application_controller.rb +++ b/benchmarks/lobsters/app/controllers/application_controller.rb @@ -1,52 +1,55 @@ +# typed: false + class ApplicationController < ActionController::Base include IntervalHelper + include Authenticatable protect_from_forgery - before_action :authenticate_user + before_action :geoblock_uk + before_action :heinous_inline_partials, if: -> { Rails.env.development? } before_action :mini_profiler - before_action :set_traffic_style before_action :prepare_exception_notifier + before_action :set_traffic_style + around_action :n_plus_one_detection - # match this in your nginx config for bypassing the file cache - TAG_FILTER_COOKIE = :tag_filters - - # returning false until 1. nginx wants to serve cached files - # 2. the "stay logged in" cookie is separated from rails session cookie - # (lobster_trap) which is sent even to logged-out visitors - CACHE_PAGE = proc { false && @user.blank? && cookies[TAG_FILTER_COOKIE].blank? } + # 2023-10-07 one user in one of their browser envs is getting a CSRF failure, I'm reverting + # because I'll be AFK a while. + # after_action :clear_lobster_trap - rescue_from ActionController::UnknownFormat do - render plain: '404 Not Found', status: :not_found, content_type: 'text/plain' + # match this nginx config for bypassing the file cache + TAG_FILTER_COOKIE = :tag_filters + CACHE_PAGE = proc { @user.blank? && cookies[TAG_FILTER_COOKIE].blank? } + + # Rails misdesign: if the /recent route doesn't support .rss, Rails calls it anyways and then + # raises MissingTemplate when it's not handled, as if the app did something wrong (a prod 500!). + unless Rails.env.development? + rescue_from ActionController::UnknownFormat, ActionView::MissingTemplate do + request.format = :html # required, despite format.any + respond_to do |format| + format.any { render "about/404", status: :not_found, content_type: "text/html" } + end + end + end + rescue_from ActionController::UnpermittedParameters do + respond_to do |format| + format.html { render plain: "400 Unpermitted query or form parameter", status: :bad_request } + format.json { render json: {error: "400 Unpermitted query or form parameter"}, status: :bad_request } + end + end + rescue_from ActionController::ParameterMissing do |exception| + respond_to do |format| + format.html { render plain: "400 #{exception.message}", status: :bad_request } + format.json { render json: {error: exception.message.to_s}, status: :bad_request } + end end rescue_from ActionDispatch::Http::MimeNegotiation::InvalidType do - render plain: 'fix the mime type in your HTTP_ACCEPT header', - status: :bad_request, content_type: 'text/plain' + render plain: "fix the mime type in your HTTP_ACCEPT header", + status: :bad_request, content_type: "text/plain" end def agent_is_spider? ua = request.env["HTTP_USER_AGENT"].to_s - (ua == "" || ua.match(/(Google|bing|Slack|Twitter)bot|Slurp|crawler|Feedly|FeedParser|RSS/)) - end - - def authenticate_user - # eagerly evaluate, in case this triggers an IpSpoofAttackError - request.remote_ip - - if Rails.application.read_only? - return true - end - - if session[:u] && - (user = User.find_by(:session_token => session[:u].to_s)) && - user.is_active? - @user = user - end - Rails.logger.info( - " Request #{request.remote_ip} #{request.request_method} #{request.fullpath} user: " + - (@user ? "#{@user.id} #{@user.username}" : "0 nobody") - ) - - true + ua == "" || ua.match(/(Google|bing|Slack|Twitter)bot|Slurp|crawler|Feedly|FeedParser|RSS/) end def check_for_read_only_mode @@ -58,23 +61,36 @@ def check_for_read_only_mode true end + # clear Rails session cookie if not logged in so nginx uses the page cache + # https://ryanfb.xyz/etc/2021/08/29/going_cookie-free_with_rails.html + def clear_lobster_trap + key = Rails.application.config.session_options[:key] # "lobster_trap" + cookies.delete(key) if @user.blank? + # this probably should test session.empty? && controller... + request.session_options[:skip] = @user.blank? && controller_name != "login" + end + def find_user_from_rss_token - if !@user && request[:format] == "rss" && params[:token].to_s.present? - @user = User.where(:rss_token => params[:token].to_s).first + if !@user && params[:format] == "rss" && params[:token].to_s.present? + @user = User.where(rss_token: params[:token].to_s).first end end - def flag_warning - @flag_warning_int ||= time_interval('1m') - return false #if Rails.env.development? # expensive because Rails doesn't cache in dev - # Lobsters-bench: turning this off to avoid porting FlaggedCommenters from MySQL to SQLite - @show_flag_warning ||= ( - @user && !!FlaggedCommenters.new(@flag_warning_int[:param], 1.day).check_list_for(@user) - ) + # https://lobste.rs/s/ukosa1 + def geoblock_uk + return unless Time.current.utc >= Date.new(2025, 3, 16) + return unless Maxmind.uk?(req.ip) + + render body: "I'm very sorry, but the risks of the UK Online Safety Act have required that Lobsters geoblock the UK. Discussion", status: 451, content_type: "text/html" + false + end + + def heinous_inline_partials + do_heinous_inline_partial_replacement end def mini_profiler - if @user && @user.is_admin? + if @user&.is_moderator? Rack::MiniProfiler.authorize_request end end @@ -88,31 +104,26 @@ def prepare_exception_notifier # https://web.archive.org/web/20180108083712/http://umaine.edu/lobsterinstitute/files/2011/12/LobsterColorsWeb.pdf def set_traffic_style - @traffic_intensity = '?' - @traffic_style = 'background-color: #ac130d;' + @traffic_intensity = "?" + @traffic_style = "background-color: #ac130d;" return true if Rails.application.read_only? || - agent_is_spider? || - %w{json rss}.include?(params[:format]) - if (skip = TrafficHelper.novelty_logo) - @traffic_style = skip - return - end + agent_is_spider? || + %w[json rss].include?(params[:format]) + return if (@traffic_novelty = TrafficHelper.novelty_logo) @traffic_intensity = TrafficHelper.cached_current_intensity # map intensity to 80-255 so there's always a little red - hex = sprintf('%02x', (@traffic_intensity * 1.75 + 80).round) + hex = sprintf("%02x", (@traffic_intensity * 1.75 + 80).round) @traffic_style = "background-color: ##{hex}0000;" return true unless @user color = :red [ - # rubocop:disable Layout/LineLength, [2_000_000, :blue, "background-color: #0000#{hex};"], [6, :yellow, "background-color: ##{hex}#{hex}00;"], [3, :calico, "background: url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAIAAACQkWg2AAAACXBIWXMAAC4jAAAuIwF4pT92AAAABmJLR0QA/wD/AP+gvaeTAAACpElEQVQYGQXBWW8bVRgA0Hu/u814NsdxGsUxztJUzaJSVS1CCCTKE7zxxiP/gH+I+lKKQEVCLUlJ5YTsU8f2eJvxbHfjHLz7sKeU2mhNfvl579vnEPKUEUJxji1YoBaIob4m6+cX8Our/m99TBwmpKGV0hZjz+EO06FHOAKlFNKIcE+p8HYo3rwd/Xk8m+pVEjW4EzIFdjopVVG6Nt1ocpc3ALnIhqMRnF3afz6qd2flcMElAOWu3nm4tr6xMh2cyDpprqwBwdjQ0Uz9fXJ9el0lRTOekVQ13DCKvCXVWO7sdl6+/Gp01cbpv/uHPcqGlUKIr50NZq+Pi7mymrt+GOxvbz9+zKjS5OLi1uV/ZeObAC3un4qgt+c0bL8/v5qJ64WbaocIPC2HzbaDGCOeF0ySJI7vzz9eLuZFpfDq2lZWmd/fx6/e3twkuDIiL3KCysV83D+/xZ/1uhYXjuC6lg0BVk2fHPXcQMWD7L+bvJCettzhEPpgzRIxjbe3u6VMCcXWMEY5E9qisqo1QlRLjDVwxqxSQpBW5CFnSB2PaulyRleCSEtNhDPLltjkdQWYCC+gDVF6pHzU8z8/7IKgVFaVtshSWaQxA2Osz4FiokTQrLRrQCLIXzxr/fT94cFWVFlGmXExNQznnbbzaGcVgb0bJqO8kS5BzmusNAMdYN5mPlsihRh5sL7pRYHXQM+OOj/+8MV3Xx+2mmQ8qQZxkmfKSGXq1Odyt9MShByffKLgcc3JsqrHk3Eyumu6LbkYFHcfsjttSaR5OFP29H755nzw/sq8+yMh/sYKYiRL76dxzOqr9RBsmeisnCWqVlZaMIyxgC5U9eEy7p9awj0ByDiQ7XfgmyfRl0fRwZbb7bLVNmOOXynADDY3Hxzs7+WL5XSY/w/0MGrkMYhXjAAAAABJRU5ErkJggg==) no-repeat center"], [2, :split, "background: linear-gradient(90deg, ##{hex}0000 50%, #0000#{hex} 50%)"], - [2, :albino, "filter: invert(100%);"], - # rubocop:enable Layout/LineLength, + [2, :albino, "filter: invert(100%);"] ].each do |cumulative_odds, name, style| break unless rand(cumulative_odds) == 0 color = name @@ -123,55 +134,8 @@ def set_traffic_style end end - def require_logged_in_user - if @user - true - else - if request.get? - session[:redirect_to] = request.original_fullpath - end - - redirect_to "/login" - end - end - - def require_logged_in_moderator - require_logged_in_user - - if @user - if @user.is_moderator? - true - else - flash[:error] = "You are not authorized to access that resource." - return redirect_to "/" - end - end - end - - def require_logged_in_admin - require_logged_in_user - - if @user - if @user.is_admin? - true - else - flash[:error] = "You are not authorized to access that resource." - return redirect_to "/" - end - end - end - - def require_logged_in_user_or_400 - if @user - true - else - render :plain => "not logged in", :status => 400 - return false - end - end - def require_no_user_or_redirect - return redirect_to "/" if @user + redirect_to "/" if @user end def show_title_h1 @@ -180,7 +144,14 @@ def show_title_h1 def tags_filtered_by_cookie @_tags_filtered ||= Tag.where( - :tag => cookies[TAG_FILTER_COOKIE].to_s.split(",") + tag: cookies[TAG_FILTER_COOKIE].to_s.split(",") ) end + + def n_plus_one_detection + # Prosopite.scan + yield + ensure + # Prosopite.finish + end end diff --git a/benchmarks/lobsters/app/controllers/avatars_controller.rb b/benchmarks/lobsters/app/controllers/avatars_controller.rb index 753c2b5c..bc8f16df 100644 --- a/benchmarks/lobsters/app/controllers/avatars_controller.rb +++ b/benchmarks/lobsters/app/controllers/avatars_controller.rb @@ -1,27 +1,27 @@ +# typed: false + class AvatarsController < ApplicationController - before_action :require_logged_in_user, :only => [:expire] + before_action :require_logged_in_user, only: [:expire] ALLOWED_SIZES = [16, 32, 100, 200].freeze - CACHE_DIR = "#{Rails.root}/public/avatars/".freeze + CACHE_DIR = Rails.public_path.join("avatars/").to_s.freeze def expire expired = 0 - Dir.entries(CACHE_DIR).select {|f| + Dir.entries(CACHE_DIR).select { |f| f.match(/\A#{@user.username}-(\d+)\.png\z/) }.each do |f| - begin - Rails.logger.debug "Expiring #{f}" - File.unlink("#{CACHE_DIR}/#{f}") - expired += 1 - rescue => e - Rails.logger.error "Failed expiring #{f}: #{e}" - end + Rails.logger.debug { "Expiring #{f}" } + File.unlink("#{CACHE_DIR}/#{f}") + expired += 1 + rescue => e + Rails.logger.error "Failed expiring #{f}: #{e}" end - flash[:success] = "Your avatar cache has been purged of #{'file'.pluralize(expired)}" - return redirect_to "/settings" + flash[:success] = "Your avatar cache has been purged of #{"file".pluralize(expired)}" + redirect_to "/settings" end def show @@ -36,7 +36,7 @@ def show raise ActionController::RoutingError.new("invalid user name") end - u = User.where(:username => username).first! + u = User.where(username: username).first! if !(av = u.fetched_avatar(size)) raise ActionController::RoutingError.new("failed fetching avatar") @@ -53,6 +53,6 @@ def show File.rename("#{CACHE_DIR}/.#{u.username}-#{size}.png", "#{CACHE_DIR}/#{u.username}-#{size}.png") response.headers["Expires"] = 1.hour.from_now.httpdate - send_data av, :type => "image/png", :disposition => "inline" + send_data av, type: "image/png", disposition: "inline" end end diff --git a/benchmarks/lobsters/app/controllers/categories_controller.rb b/benchmarks/lobsters/app/controllers/categories_controller.rb index 92064e33..811b0ad2 100644 --- a/benchmarks/lobsters/app/controllers/categories_controller.rb +++ b/benchmarks/lobsters/app/controllers/categories_controller.rb @@ -1,3 +1,5 @@ +# typed: false + class CategoriesController < ApplicationController before_action :require_logged_in_admin @@ -7,38 +9,38 @@ def new end def create - category = Category.create(category_params) + category = Category.create!(category_params) if category.valid? flash[:success] = "Category #{category.category} has been created" redirect_to tags_path else - flash[:error] = "New category not created: #{category.errors.full_messages.join(', ')}" + flash[:error] = "New category not created: #{category.errors.full_messages.join(", ")}" redirect_to new_category_path end end def edit - @category = Category.where(:category => params[:category_name]).first! + @category = Category.where(category: params[:category_name]).first! @title = "Edit Category" end def update - category = Category.where(:category => params[:category_name]).first! + category = Category.where(category: params[:category_name]).first! if category.update(category_params) flash[:success] = "Category #{category.category} has been updated" redirect_to tags_path else - flash[:error] = "Category not updated: #{category.errors.full_messages.join(', ')}" + flash[:error] = "Category not updated: #{category.errors.full_messages.join(", ")}" redirect_to edit_category_path end end -private + private def category_params params.require(:category).permit( :category_name, - :category, + :category ).merge(edit_user_id: @user.id) end end diff --git a/benchmarks/lobsters/app/controllers/comments_controller.rb b/benchmarks/lobsters/app/controllers/comments_controller.rb index d63ca85a..49bad8f3 100644 --- a/benchmarks/lobsters/app/controllers/comments_controller.rb +++ b/benchmarks/lobsters/app/controllers/comments_controller.rb @@ -1,190 +1,206 @@ +# typed: false + class CommentsController < ApplicationController COMMENTS_PER_PAGE = 20 caches_page :index, :threads, if: CACHE_PAGE before_action :require_logged_in_user_or_400, - :only => [:create, :preview, :upvote, :flag, :unvote] - before_action :require_logged_in_user, :only => [:upvoted] - before_action :flag_warning, only: [:threads] + only: [:create, :reply, :upvote, :flag, :unvote, :update] + before_action :require_logged_in_user, only: [:upvoted] before_action :show_title_h1 # for rss feeds, load the user's tag filters if a token is passed - before_action :find_user_from_rss_token, :only => [:index] + before_action :find_user_from_rss_token, only: [:index] def create - if !(story = Story.where(:short_id => params[:story_id]).first) || - story.is_gone? - return render :plain => "can't find story", :status => 400 + if !(story = Story.where(short_id: params[:story_id]).first) || + story.is_gone? + return render plain: "can't find story", status: 400 end comment = story.comments.build comment.comment = params[:comment].to_s comment.user = @user - - if params[:hat_id] && @user.wearable_hats.where(:id => params[:hat_id]) - comment.hat_id = params[:hat_id] - end + comment.hat = @user.wearable_hats.find_by(short_id: params[:hat_id]) if params[:parent_comment_short_id].present? - if (pc = Comment.where(:story_id => story.id, :short_id => params[:parent_comment_short_id]) - .first) - comment.parent_comment = pc - else - return render :json => { :error => "invalid parent comment", :status => 400 } + # includes parent story_id to ensure this comment's story_id matches + comment.parent_comment = + Comment.find_by(story_id: story.id, short_id: params[:parent_comment_short_id]) + if !comment.parent_comment + return render json: {error: "invalid parent comment", status: 400} end end # sometimes on slow connections people resubmit; silently accept it if (already = Comment.find_by(user: comment.user, - story: comment.story, - parent_comment_id: comment.parent_comment_id, - comment: comment.comment)) - self.render_created_comment(already) + story: comment.story, + parent_comment_id: comment.parent_comment_id, + comment: comment.comment)) + render_created_comment(already) return end - # rate-limit users to one reply per 5m per parent comment - if params[:preview].blank? && - (pc = Comment.where(:story_id => story.id, - :user_id => @user.id, - :parent_comment_id => comment.parent_comment_id).first) - if (Time.current - pc.created_at) < 5.minutes && !@user.is_moderator? - comment.errors.add(:comment, "^You have already posted a comment " << - "here recently.") - - return render :partial => "commentbox", :layout => false, - :content_type => "text/html", :locals => { :comment => comment } - end + if params[:preview].blank? && comment.breaks_speed_limit? + return render partial: "commentbox", layout: false, + content_type: "text/html", locals: {comment: comment} end - if comment.valid? && params[:preview].blank? && ActiveRecord::Base.transaction { comment.save } - comment.current_vote = { :vote => 1 } - self.render_created_comment(comment) + if comment.valid? && params[:preview].blank? && comment.save + comment.current_vote = {vote: 1} + render_created_comment(comment) else comment.score = 1 - comment.current_vote = { :vote => 1 } + comment.current_vote = {vote: 1} preview comment end end - def render_created_comment(comment) - if request.xhr? - render :partial => "comments/postedreply", :layout => false, - :content_type => "text/html", :locals => { :comment => comment } - else - redirect_to comment.path - end - end - def show - if !((comment = find_comment) && comment.is_editable_by_user?(@user)) - return render :plain => "can't find comment", :status => 400 + if !(comment = find_comment) + return render plain: "can't find comment", status: 404 + end + if !comment.is_editable_by_user?(@user) + return redirect_to comment.path end - render :partial => "comment", - :layout => false, - :content_type => "text/html", - :locals => { - :comment => comment, - :show_tree_lines => params[:show_tree_lines], - } + render partial: "comment", + layout: false, + content_type: "text/html", + locals: { + comment: comment, + show_tree_lines: params[:show_tree_lines] + } end def show_short_id if !(comment = find_comment) - return render :plain => "can't find comment", :status => 400 + return render plain: "can't find comment", status: 400 end - render :json => comment.as_json + render json: comment.as_json end def redirect_from_short_id if (comment = find_comment) - return redirect_to comment.path + redirect_to comment.path else - return render :plain => "can't find comment", :status => 400 + render plain: "can't find comment", status: 400 end end def edit if !((comment = find_comment) && comment.is_editable_by_user?(@user)) - return render :plain => "can't find comment", :status => 400 + return render plain: "can't find comment", status: 400 end - render :partial => "commentbox", :layout => false, - :content_type => "text/html", :locals => { :comment => comment } + render partial: "commentbox", layout: false, + content_type: "text/html", locals: {comment: comment} end def reply if !(parent_comment = find_comment) - return render :plain => "can't find comment", :status => 400 + return render plain: "can't find comment", status: 400 end - comment = Comment.new - comment.story = parent_comment.story + story = parent_comment.story + comment = story.comments.build comment.parent_comment = parent_comment + comment.comment = params[:comment].to_s + comment.user = @user - render :partial => "commentbox", :layout => false, - :content_type => "text/html", :locals => { :comment => comment } + if !parent_comment.depth_permits_reply? + ModNote.tattle_on_max_depth_limit(@user, parent_comment) + if request.xhr? + render partial: "too_deep" + else + render "_too_deep" + end + return + end + + if request.xhr? + render partial: "commentbox", locals: {comment: comment, story: story} + else + parents = comment.parents.with_thread_attributes.for_presentation + + parent_ids = parents.map(&:id) + @votes = Vote.comment_votes_by_user_for_comment_ids_hash(@user&.id, parent_ids) + summaries = Vote.comment_vote_summaries(parent_ids) + parents.each do |c| + c.current_vote = @votes[c.id] + c.vote_summary = summaries[c.id] + end + render "_commentbox", locals: { + comment: comment, + story: story, + parents: parents + } + end end def delete if !((comment = find_comment) && comment.is_deletable_by_user?(@user)) - return render :plain => "can't find comment", :status => 400 + return render plain: "can't find comment", status: 400 end comment.delete_for_user(@user, params[:reason]) - render :partial => "comment", :layout => false, - :content_type => "text/html", :locals => { :comment => comment } + render partial: "comment", layout: false, + content_type: "text/html", locals: {comment: comment} end def undelete if !((comment = find_comment) && comment.is_undeletable_by_user?(@user)) - return render :plain => "can't find comment", :status => 400 + return render plain: "can't find comment", status: 400 end comment.undelete_for_user(@user) - render :partial => "comment", :layout => false, - :content_type => "text/html", :locals => { :comment => comment } + render partial: "comment", layout: false, + content_type: "text/html", locals: {comment: comment} end def disown if !((comment = find_comment) && comment.is_disownable_by_user?(@user)) - return render :plain => "can't find comment", :status => 400 + return render plain: "can't find comment", status: 400 end InactiveUser.disown! comment - comment = find_comment - render :partial => "comment", :layout => false, - :content_type => "text/html", :locals => { :comment => comment } + if request.xhr? + comment = find_comment + show_story = ActiveModel::Type::Boolean.new.cast(params[:show_story]) + show_tree_lines = ActiveModel::Type::Boolean.new.cast(params[:show_tree_lines]) + + render partial: "comment", locals: {comment: comment, show_story: show_story, show_tree_lines: show_tree_lines} + else + redirect_back fallback_location: root_path + end end def update if !((comment = find_comment) && comment.is_editable_by_user?(@user)) - return render :plain => "can't find comment", :status => 400 + return render plain: "can't find comment", status: 400 end comment.comment = params[:comment] comment.hat_id = nil - if params[:hat_id] && @user.wearable_hats.where(:id => params[:hat_id]) - comment.hat_id = params[:hat_id] - end + comment.hat = @user.wearable_hats.find_by(short_id: params[:hat_id]) if params[:preview].blank? && comment.save votes = Vote.comment_votes_by_user_for_comment_ids_hash(@user.id, [comment.id]) comment.current_vote = votes[comment.id] + comment.vote_summary = Vote.comment_vote_summaries([comment.id])[comment.id] - render :partial => "comments/comment", - :layout => false, - :content_type => "text/html", - :locals => { :comment => comment, :show_tree_lines => params[:show_tree_lines] } + render partial: "comments/comment", + layout: false, + content_type: "text/html", + locals: {comment: comment, show_tree_lines: params[:show_tree_lines]} else - comment.current_vote = { :vote => 1 } + comment.current_vote = {vote: 1} preview comment end @@ -192,52 +208,52 @@ def update def unvote if !(comment = find_comment) || comment.is_gone? - return render :plain => "can't find comment", :status => 400 + return render plain: "can't find comment", status: 400 end Vote.vote_thusly_on_story_or_comment_for_user_because( 0, comment.story_id, comment.id, @user.id, nil ) - render :plain => "ok" + render plain: "ok" end def upvote if !(comment = find_comment) || comment.is_gone? - return render :plain => "can't find comment", :status => 400 + return render plain: "can't find comment", status: 400 end Vote.vote_thusly_on_story_or_comment_for_user_because( 1, comment.story_id, comment.id, @user.id, params[:reason] ) - render :plain => "ok" + render plain: "ok" end def flag if !(comment = find_comment) || comment.is_gone? - return render :plain => "can't find comment", :status => 400 + return render plain: "can't find comment", status: 400 end if !Vote::COMMENT_REASONS[params[:reason]] - return render :plain => "invalid reason", :status => 400 + return render plain: "invalid reason", status: 400 end if !@user.can_flag?(comment) - return render :plain => "not permitted to flag", :status => 400 + return render plain: "not permitted to flag", status: 400 end Vote.vote_thusly_on_story_or_comment_for_user_because( -1, comment.story_id, comment.id, @user.id, params[:reason] ) - render :plain => "ok" + render plain: "ok" end def index @rss_link ||= { - :title => "RSS 2.0 - Newest Comments", - :href => "/comments.rss" + (@user ? "?token=#{@user.rss_token}" : ""), + title: "RSS 2.0 - Newest Comments", + href: "/comments.rss" + (@user ? "?token=#{@user.rss_token}" : "") } @title = "Newest Comments" @@ -245,70 +261,75 @@ def index @page = params[:page].to_i if @page == 0 @page = 1 - elsif @page < 0 || @page > (2 ** 32) + elsif @page < 0 || @page > (2**32) raise ActionController::RoutingError.new("page out of bounds") end @comments = Comment.accessible_to_user(@user) .not_on_story_hidden_by(@user) .order("id DESC") - .includes(:user, :hat, :story => :user) - .joins(:story).where.not(stories: { is_deleted: true }) + .includes(:user, :hat, story: :user) + .joins(:story).where.not(stories: {is_deleted: true}) .limit(COMMENTS_PER_PAGE) .offset((@page - 1) * COMMENTS_PER_PAGE) - if @user - @votes = Vote.comment_votes_by_user_for_comment_ids_hash(@user.id, @comments.map(&:id)) - - @comments.each do |c| - if @votes[c.id] - c.current_vote = @votes[c.id] - end - end + comment_ids = @comments.map(&:id) + @votes = Vote.comment_votes_by_user_for_comment_ids_hash(@user&.id, comment_ids) + summaries = Vote.comment_vote_summaries(comment_ids) + @comments.each do |c| + c.current_vote = @votes[c.id] + c.vote_summary = summaries[c.id] end respond_to do |format| - format.html { render :action => "index" } + format.html { render action: "index" } format.rss { if @user && params[:token].present? @title = "Private comments feed for #{@user.username}" + render action: "index", layout: false + else + content = Rails.cache.fetch("comments.rss", expires_in: (60 * 2)) { + render_to_string action: "index", layout: false + } + render plain: content, layout: false end - - render :action => "index", :layout => false } end end def upvoted @rss_link ||= { - :title => "RSS 2.0 - Newest Comments", - :href => upvoted_comments_path(format: :rss) + (@user ? "?token=#{@user.rss_token}" : ""), + title: "RSS 2.0 - Newest Comments", + href: upvoted_comments_path(format: :rss) + (@user ? "?token=#{@user.rss_token}" : "") } @title = "Upvoted Comments" - @above = 'saved/subnav' + @above = "saved/subnav" @page = params[:page].to_i if @page == 0 @page = 1 - elsif @page < 0 || @page > (2 ** 32) + elsif @page < 0 || @page > (2**32) raise ActionController::RoutingError.new("page out of bounds") end @comments = Comment.accessible_to_user(@user) .where.not(user_id: @user.id) .order("id DESC") - .includes(:user, :hat, :story => :user) - .joins(:votes).where(votes: { user_id: @user.id, vote: 1 }) - .joins(:story).where.not(stories: { is_deleted: true }) + .includes(:user, :hat, story: :user) + .joins(:votes).where(votes: {user_id: @user.id, vote: 1}) + .joins(:story).where.not(stories: {is_deleted: true}) .limit(COMMENTS_PER_PAGE) .offset((@page - 1) * COMMENTS_PER_PAGE) # TODO: respect hidden stories - @votes = Vote.comment_votes_by_user_for_comment_ids_hash(@user.id, @comments.map(&:id)) + comment_ids = @comments.map(&:id) + @votes = Vote.comment_votes_by_user_for_comment_ids_hash(@user.id, comment_ids) + summaries = Vote.comment_vote_summaries(comment_ids) @comments.each do |c| c.current_vote = @votes[c.id] + c.vote_summary = summaries[c.id] end respond_to do |format| @@ -318,12 +339,12 @@ def upvoted @title = "Upvoted comments feed for #{@user.username}" end - render :action => "index", :layout => false + render action: "index", layout: false } end end - def threads + def user_threads if params[:user] @showing_user = User.find_by!(username: params[:user]) @title = "Threads for #{@showing_user.username}" @@ -334,55 +355,60 @@ def threads @title = "Your Threads" end - thread_ids = @showing_user.recent_threads( - 20, - include_submitted_stories: !!(@user && @user.id == @showing_user.id), - for_user: @user - ) - - comments = Comment.accessible_to_user(@user) - .where(:thread_id => thread_ids) - .includes(:user, :hat, :story => :user, :votes => :user) - .joins(:story).where.not(stories: { is_deleted: true }) - .arrange_for_user(@user) - - comments_by_thread_id = comments.group_by(&:thread_id) - @threads = comments_by_thread_id.values_at(*thread_ids).compact + @threads = Comment.recent_threads(@showing_user) + .accessible_to_user(@user) + .merge(Story.not_deleted(@user)) + .for_presentation + .joins(:story) if @user - @votes = Vote.comment_votes_by_user_for_story_hash(@user.id, comments.map(&:story_id).uniq) + @user.clear_unread_replies! + @votes = Vote.comment_votes_by_user_for_story_hash(@user.id, @threads.map(&:story_id).uniq) + summaries = Vote.comment_vote_summaries(@threads.map(&:id)) - comments.each do |c| - if @votes[c.id] - c.current_vote = @votes[c.id] - end + @threads.each do |c| + c.current_vote = @votes[c.id] + c.vote_summary = summaries[c.id] end end end -private + private + + def find_comment + comment = Comment.where(short_id: params[:id]).first + # convenience to use PK (from external queries) without generally permitting enumeration: + comment ||= Comment.find(params[:id]) if @user&.is_admin? + + if @user && comment + comment.current_vote = Vote.where(user_id: @user.id, + story_id: comment.story_id, comment_id: comment.id).first + comment.vote_summary = Vote.comment_vote_summaries([comment.id])[comment.id] + end + + comment + end def preview(comment) comment.previewing = true comment.is_deleted = false # show normal preview for deleted comments - render :partial => "comments/commentbox", - :layout => false, - :content_type => "text/html", - :locals => { - :comment => comment, - :show_comment => comment, - :show_tree_lines => params[:show_tree_lines], - } + render partial: "comments/commentbox", + layout: false, + content_type: "text/html", + locals: { + comment: comment, + show_comment: comment, + show_tree_lines: params[:show_tree_lines] + } end - def find_comment - comment = Comment.where(short_id: params[:id]).first - if @user && comment - comment.current_vote = Vote.where(:user_id => @user.id, - :story_id => comment.story_id, :comment_id => comment.id).first + def render_created_comment(comment) + if request.xhr? + render partial: "comments/postedreply", layout: false, + content_type: "text/html", locals: {comment: comment} + else + redirect_to comment.path end - - comment end end diff --git a/benchmarks/lobsters/app/controllers/concerns/authenticatable.rb b/benchmarks/lobsters/app/controllers/concerns/authenticatable.rb new file mode 100644 index 00000000..bd06814f --- /dev/null +++ b/benchmarks/lobsters/app/controllers/concerns/authenticatable.rb @@ -0,0 +1,71 @@ +module Authenticatable + extend ActiveSupport::Concern + + included do + before_action :authenticate_user + end + + def authenticate_user + # eagerly evaluate, in case this triggers an IpSpoofAttackError + request.remote_ip + + if Rails.application.read_only? + return true + end + + if session[:u] && + (user = User.find_by(session_token: session[:u].to_s)) && + user.is_active? + @user = user + end + + true + end + + def require_logged_in_moderator + require_logged_in_user + + if @user + if @user.is_moderator? + true + else + flash[:error] = "You are not authorized to access that resource." + redirect_to "/" + end + end + end + + def require_logged_in_user + if @user + true + else + if request.get? + session[:redirect_to] = request.original_fullpath + end + + redirect_to "/login" + end + end + + def require_logged_in_admin + require_logged_in_user + + if @user + if @user.is_admin? + true + else + flash[:error] = "You are not authorized to access that resource." + redirect_to "/" + end + end + end + + def require_logged_in_user_or_400 + if @user + true + else + render plain: "not logged in", status: 400 + false + end + end +end diff --git a/benchmarks/lobsters/app/controllers/concerns/story_finder.rb b/benchmarks/lobsters/app/controllers/concerns/story_finder.rb new file mode 100644 index 00000000..c50d00a5 --- /dev/null +++ b/benchmarks/lobsters/app/controllers/concerns/story_finder.rb @@ -0,0 +1,26 @@ +module StoryFinder + extend ActiveSupport::Concern + + def find_story + story = Story.find_by(short_id: params[:story_id] || params[:id]) + # convenience to use PK (from external queries) without generally permitting enumeration: + story ||= Story.find(params[:id]) if @user&.is_admin? + + if @user && story + story.current_vote = Vote.find_by( + user: @user, + story: story.id, + comment: nil + ).try(:vote) + end + + story + end + + def find_story! + @story = find_story + if !@story + raise ActiveRecord::RecordNotFound + end + end +end diff --git a/benchmarks/lobsters/app/controllers/csp_controller.rb b/benchmarks/lobsters/app/controllers/csp_controller.rb index 2914a7ca..f7bdbc10 100644 --- a/benchmarks/lobsters/app/controllers/csp_controller.rb +++ b/benchmarks/lobsters/app/controllers/csp_controller.rb @@ -1,3 +1,5 @@ +# typed: false + class CspController < ApplicationController skip_before_action :verify_authenticity_token skip_before_action :authenticate_user diff --git a/benchmarks/lobsters/app/controllers/domains_ban_controller.rb b/benchmarks/lobsters/app/controllers/domains_ban_controller.rb new file mode 100644 index 00000000..22c86c52 --- /dev/null +++ b/benchmarks/lobsters/app/controllers/domains_ban_controller.rb @@ -0,0 +1,28 @@ +# typed: false + +class DomainsBanController < DomainsController + before_action :require_logged_in_moderator + before_action :find_or_initialize_domain + + def create_and_ban + @domain = Domain.create!(domain: params[:id]) + @domain.ban_by_user_for_reason!(@user, domain_params[:banned_reason]) + flash[:success] = "Domain created and banned. Real short run." + redirect_to domain_path(@domain) + end + + def update + if domain_params[:banned_reason].present? + if @domain.banned? + @domain.unban_by_user_for_reason!(@user, domain_params[:banned_reason]) + else + @domain.ban_by_user_for_reason!(@user, domain_params[:banned_reason]) + end + flash[:success] = "Domain updated." + redirect_to domain_path(@domain) + else + flash.now[:error] = "Reason required for the modlog." + render :edit + end + end +end diff --git a/benchmarks/lobsters/app/controllers/domains_controller.rb b/benchmarks/lobsters/app/controllers/domains_controller.rb index e727570d..56b27583 100644 --- a/benchmarks/lobsters/app/controllers/domains_controller.rb +++ b/benchmarks/lobsters/app/controllers/domains_controller.rb @@ -1,43 +1,58 @@ +# typed: false + class DomainsController < ApplicationController - before_action :require_logged_in_admin - before_action :find_domain, only: [:edit, :update] + before_action :require_logged_in_moderator, only: [:edit, :update] + before_action :find_or_initialize_domain, only: [:edit, :update] - def edit; end + def create + @domain = Domain.new(domain: params[:new_domain]) + @domain.selector = domain_params[:selector] + @domain.replacement = domain_params[:replacement] + + if @domain.save + flash[:success] = "Domain created" + redirect_to domain_path(@domain) + else + render :edit + end + end + + def edit + end def update - if domain_params[:banned_reason].present? - if @domain.banned? - @domain.unban_by_user_for_reason!(@user, domain_params[:banned_reason]) - else - @domain.ban_by_user_for_reason!(@user, domain_params[:banned_reason]) - end - flash[:success] = "Domain updated." + @domain.assign_attributes(domain_params) + if @domain.save + flash[:success] = "Domain edited" redirect_to domain_path(@domain) else - flash.now[:error] = "Reason required for the modlog." render :edit end end -private + private def domain_params - params.require(:domain).permit(:banned_reason) + params.require(:domain).permit(:banned_reason, :selector, :replacement) end - def find_domain - @domain = Domain.find_by(domain: params[:id]) + def find_or_initialize_domain + @domain = Domain.find_or_initialize_by(domain: params[:id]) end def path_of_form(domain) - prms = { name: domain.domain } + prms = {name: domain.domain} domain.banned_at ? unban_domain_path(prms) : update_domain_path(prms) end helper_method :path_of_form def caption_of_button(domain) - domain.banned_at ? 'Unban' : 'Ban' + if domain.new_record? + "Create and Ban" + else + domain.banned_at ? "Unban" : "Ban" + end end helper_method :caption_of_button diff --git a/benchmarks/lobsters/app/controllers/filters_controller.rb b/benchmarks/lobsters/app/controllers/filters_controller.rb index 50293a71..820a5497 100644 --- a/benchmarks/lobsters/app/controllers/filters_controller.rb +++ b/benchmarks/lobsters/app/controllers/filters_controller.rb @@ -1,3 +1,5 @@ +# typed: false + class FiltersController < ApplicationController before_action :authenticate_user before_action :show_title_h1 @@ -6,25 +8,25 @@ def index @title = "Filtered Tags" @categories = Category.all - .order('category asc, tags.tag asc') - .eager_load(:tags) - .references(:tags) - .where('tags.active = true') + .order("category asc, tags.tag asc") + .eager_load(:tags) + .references(:tags) + .where("tags.active = true") # perf: three queries is much faster than joining, grouping on tags.id for counts @story_counts = Tagging.group(:tag_id).count @filter_counts = TagFilter.group(:tag_id).count - if @user - @filtered_tags = @user.tag_filter_tags.index_by(&:id) + @filtered_tags = if @user + @user.tag_filter_tags.index_by(&:id) else - @filtered_tags = tags_filtered_by_cookie.index_by(&:id) + tags_filtered_by_cookie.index_by(&:id) end end def update - new_tags = Tag.active.where(:tag => (params[:tags] || {}).keys).to_a - new_tags.keep_if {|t| t.user_can_filter? @user } + new_tags = Tag.active.where(tag: (params[:tags] || {}).keys).to_a + new_tags.keep_if { |t| t.user_can_filter? @user } if @user @user.tag_filter_tags = new_tags diff --git a/benchmarks/lobsters/app/controllers/hat_requests_controller.rb b/benchmarks/lobsters/app/controllers/hat_requests_controller.rb new file mode 100644 index 00000000..ae173911 --- /dev/null +++ b/benchmarks/lobsters/app/controllers/hat_requests_controller.rb @@ -0,0 +1,53 @@ +# typed: false + +class HatRequestsController < ApplicationController + before_action :require_logged_in_user + before_action :require_logged_in_moderator, only: [:approve, :reject] + before_action :show_title_h1 + + def new + @title = "Request a Hat" + @hat_request = HatRequest.new + render :new + end + + def create + @hat_request = HatRequest.new + @hat_request.user_id = @user.id + @hat_request.hat = params[:hat_request][:hat] + @hat_request.link = params[:hat_request][:link] + @hat_request.comment = params[:hat_request][:comment] + + if @hat_request.save + flash[:success] = "Successfully submitted hat request." + return redirect_to "/hats" + end + + render action: :new + end + + def index + @title = "Hat Requests" + @hat_requests = HatRequest.all.includes(:user) + end + + def approve + @hat_request = HatRequest.find(params[:id]) + @hat_request.update!(params.require(:hat_request) + .permit(:hat, :link, :reason).except(:reason)) + @hat_request.approve_by_user_for_reason!(@user, params[:hat_request][:reason]) + + flash[:success] = "Successfully approved hat request." + + redirect_to hat_requests_path + end + + def reject + @hat_request = HatRequest.find(params[:id]) + @hat_request.reject_by_user_for_reason!(@user, params[:hat_request][:reason]) + + flash[:success] = "Successfully rejected hat request." + + redirect_to hat_requests_path + end +end diff --git a/benchmarks/lobsters/app/controllers/hats_controller.rb b/benchmarks/lobsters/app/controllers/hats_controller.rb index 0ddc7143..960fd220 100644 --- a/benchmarks/lobsters/app/controllers/hats_controller.rb +++ b/benchmarks/lobsters/app/controllers/hats_controller.rb @@ -1,63 +1,90 @@ +# typed: false + class HatsController < ApplicationController - before_action :require_logged_in_user, :except => [:index] - before_action :require_logged_in_moderator, :except => [:build_request, :index, :create_request] + before_action :require_logged_in_user, except: [:index] before_action :show_title_h1 - - def build_request - @title = "Request a Hat" - - @hat_request = HatRequest.new - end + before_action :find_hat!, only: [:doff, :doff_by_user, :edit, :update_in_place, :update_by_recreating] + before_action :only_hat_user_or_moderator, only: [:edit, :update_in_place, :update_by_recreating, :doff, :doff_by_user] def index @title = "Hats" @hat_groups = {} - Hat.active.includes(:user).each do |h| + Hat.active.includes(:user).find_each do |h| @hat_groups[h.hat] ||= [] @hat_groups[h.hat].push h end end - def create_request - @hat_request = HatRequest.new - @hat_request.user_id = @user.id - @hat_request.hat = params[:hat_request][:hat] - @hat_request.link = params[:hat_request][:link] - @hat_request.comment = params[:hat_request][:comment] + def doff + @title = "Doffing a Hat" + end - if @hat_request.save - flash[:success] = "Successfully submitted hat request." - return redirect_to "/hats" + def doff_by_user + if params[:reason].blank? + flash[:error] = "You must give a reason for the doffing." + return redirect_to doff_hat_path(@hat) end - render :action => "build_request" + @hat.doff_by_user_with_reason(@user, params[:reason]) + redirect_to @user end - def requests_index - @title = "Hat Requests" + def edit + @title = "Edit a Hat" + end - @hat_requests = HatRequest.all.includes(:user) + def update_in_place + old_hat = @hat.hat + new_hat = params[:hat][:hat] + + if @hat.update(hat: new_hat) + m = Moderation.new + m.user_id = @hat.user_id + m.moderator_user_id = @hat.user_id + m.action = "Renamed hat \"#{old_hat}\" to \"#{new_hat}\"" + m.save! + + redirect_to hats_url + else + flash[:error] = @hat.errors.full_messages.join(", ") + redirect_to edit_hat_path(@hat) + end end - def approve_request - @hat_request = HatRequest.find(params[:id]) - @hat_request.update!(params.require(:hat_request) - .permit(:hat, :link, :reason).except(:reason)) - @hat_request.approve_by_user_for_reason!(@user, params[:hat_request][:reason]) + def update_by_recreating + new_hat = params[:hat][:hat] + + replaced_hat = @hat.dup + replaced_hat.hat = new_hat + replaced_hat.doffed_at = nil - flash[:success] = "Successfully approved hat request." + if replaced_hat.save + @hat.doff_by_user_with_reason(@user, "To replace with \"#{new_hat}\"") - return redirect_to "/hats/requests" + redirect_to hats_url + else + flash[:error] = replaced_hat.errors.full_messages.join(", ") + redirect_to edit_hat_path(@hat) + end end - def reject_request - @hat_request = HatRequest.find(params[:id]) - @hat_request.reject_by_user_for_reason!(@user, params[:hat_request][:reason]) + private - flash[:success] = "Successfully rejected hat request." + def only_hat_user_or_moderator + if @hat.user == @user || @user&.is_moderator? + true + else + redirect_to @user + end + end - return redirect_to "/hats/requests" + def find_hat! + @hat = if @user.is_moderator? + Hat.find_by(short_id: params[:id]) + else + @user.wearable_hats.find_by(short_id: params[:id]) + end end end diff --git a/benchmarks/lobsters/app/controllers/home_controller.rb b/benchmarks/lobsters/app/controllers/home_controller.rb index aedf7fd2..3f538582 100644 --- a/benchmarks/lobsters/app/controllers/home_controller.rb +++ b/benchmarks/lobsters/app/controllers/home_controller.rb @@ -1,12 +1,14 @@ +# typed: false + class HomeController < ApplicationController include IntervalHelper - caches_page :index, :newest, :newest_by_user, :recent, :top, if: CACHE_PAGE + caches_page :active, :index, :newest, :newest_by_user, :recent, :top, if: CACHE_PAGE # for rss feeds, load the user's tag filters if a token is passed - before_action :find_user_from_rss_token, :only => [:index, :newest, :saved, :upvoted] + before_action :find_user_from_rss_token, only: [:index, :newest, :saved, :upvoted] before_action { @page = page } - before_action :require_logged_in_user, :only => [:hidden, :saved, :upvoted] + before_action :require_logged_in_user, only: [:hidden, :saved, :upvoted] before_action :show_title_h1, only: [:top] def active @@ -14,8 +16,8 @@ def active paginate stories.active } - @title = 'Active Discussions' - @above = 'active' + @title = "Active Discussions" + @above = {partial: "active"} respond_to do |format| format.html { render action: :index } @@ -29,9 +31,9 @@ def hidden } @title = "Hidden Stories" - @above = 'saved/subnav' + @above = {partial: "saved/subnav"} - render :action => "index" + render action: "index" end def index @@ -40,31 +42,31 @@ def index } @rss_link ||= { - :title => "RSS 2.0", - :href => user_token_link("/rss"), + title: "RSS 2.0", + href: user_token_link("/rss") } @comments_rss_link ||= { - :title => "Comments - RSS 2.0", - :href => user_token_link("/comments.rss"), + title: "Comments - RSS 2.0", + href: user_token_link("/comments.rss") } @title = "" @root_path = true respond_to do |format| - format.html { render :action => "index" } + format.html { render action: "index" } format.rss { if @user @title = "Private feed for #{@user.username}" - render :action => "rss", :layout => false + render action: "stories", layout: false else - content = Rails.cache.fetch("rss", :expires_in => (60 * 2)) { - render_to_string :action => "rss", :layout => false + content = Rails.cache.fetch("rss", expires_in: (60 * 2)) { + render_to_string action: "stories", layout: false } - render :plain => content, :layout => false + render plain: content, layout: false end } - format.json { render :json => @stories } + format.json { render json: @stories } end end @@ -74,47 +76,42 @@ def newest } @title = "Newest Stories" - @above = 'stories/subnav' + @above = {partial: "stories/subnav"} @rss_link = { - :title => "RSS 2.0 - Newest Items", - :href => user_token_link("/newest.rss"), + title: "RSS 2.0 - Newest Items", + href: user_token_link("/newest.rss") } respond_to do |format| - format.html { render :action => "index" } + format.html { render action: "index" } format.rss { if @user && params[:token].present? @title += " - Private feed for #{@user.username}" end - render :action => "rss", :layout => false + render action: "stories", layout: false } - format.json { render :json => @stories } + format.json { render json: @stories } end + + @user&.touch(:last_read_newest) end def newest_by_user by_user = User.find_by!(username: params[:user]) - @stories, @show_more = get_from_cache(by_user: by_user) { - if @user && @user.is_moderator? - paginate stories.newest_including_deleted_by_user(by_user) - else - paginate stories.newest_by_user(by_user) - end - } + @stories, @show_more = paginate stories.newest_by_user(by_user) @title = "Newest Stories by #{by_user.username}" - @newest_by_user = by_user - @above = 'newest_by_user' + @above = {partial: "newest_by_user", locals: {newest_by_user: by_user}} respond_to do |format| - format.html { render :action => "index" } + format.html { render action: "index" } format.rss { - render :action => "rss", :layout => false + render action: "stories", layout: false } - format.json { render :json => @stories } + format.json { render json: @stories } end end @@ -124,13 +121,13 @@ def recent } @title = "Recent Stories" - @above = 'stories/subnav' - @below = 'recent' + @above = {partial: "stories/subnav"} + @below = {partial: "recent"} # our list is unstable because upvoted stories get removed, so point at /newest.rss - @rss_link = { :title => "RSS 2.0 - Newest Items", :href => user_token_link("/newest.rss") } + @rss_link = {title: "RSS 2.0 - Newest Items", href: user_token_link("/newest.rss")} - render :action => "index" + render action: "index" end def saved @@ -139,47 +136,47 @@ def saved } @rss_link ||= { - :title => "RSS 2.0", - :href => user_token_link("/saved.rss"), + title: "RSS 2.0", + href: user_token_link("/saved.rss") } @title = "Saved Stories" - @above = 'saved/subnav' + @above = {partial: "saved/subnav"} respond_to do |format| - format.html { render :action => "index" } + format.html { render action: "index" } format.rss { if @user @title = "Private feed of saved stories for #{@user.username}" end - render :action => "rss", :layout => false + render action: "stories", layout: false } - format.json { render :json => @stories } + format.json { render json: @stories } end end def category - category_params = params[:category].split(',') - @categories = Category.where(category: category_params) + category_params = params[:category].split(",") + categories = Category.where(category: category_params) - raise ActiveRecord::RecordNotFound unless @categories.length == category_params.length + raise ActiveRecord::RecordNotFound unless categories.length == category_params.length - @stories, @show_more = get_from_cache(categories: category_params.sort.join(',')) do - paginate stories.categories(@categories) + @stories, @show_more = get_from_cache(categories: category_params.sort.join(",")) do + paginate stories.categories(categories) end - @title = @categories.map(&:category).join(' ') - @above = 'category' + @title = categories.map(&:category).join(" ") + @above = {partial: "category", locals: {categories: categories}} @rss_link = { title: "RSS 2.0 - Categorized #{@title}", - href: category_url(params[:category], format: 'rss'), + href: category_url(params[:category], format: "rss") } respond_to do |format| - format.html { render :action => "index" } - format.rss { render :action => "rss", :layout => false } - format.json { render :json => @stories } + format.html { render action: "index" } + format.rss { render action: "stories", layout: false } + format.json { render json: @stories } end end @@ -190,48 +187,48 @@ def single_tag paginate stories.tagged([@tag]) end - @title = [@tag.tag, @tag.description].compact.join(' - ') - @above = 'single_tag' @related = Rails.cache.fetch("related_#{@tag.tag}", expires_in: 1.day) { Tag.related(@tag) } - @below = 'tags/multi_tag_tip' + @title = [@tag.tag, @tag.description].compact.join(" - ") + @above = {partial: "single_tag", locals: {tag: @tag, related: @related}} + @below = {partial: "tags/multi_tag_tip"} @rss_link = { title: "RSS 2.0 - Tagged #{@tag.tag} (#{@tag.description})", - href: "/t/#{@tag.tag}.rss", + href: "/t/#{@tag.tag}.rss" } respond_to do |format| - format.html { render :action => "index" } - format.rss { render :action => "rss", :layout => false } - format.json { render :json => @stories } + format.html { render action: "index" } + format.rss { render action: "stories", layout: false } + format.json { render json: @stories } end end def multi_tag - tag_params = params[:tag].split(',') + tag_params = params[:tag].split(",") @tags = Tag.where(tag: tag_params) raise ActiveRecord::RecordNotFound unless @tags.length == tag_params.length - @stories, @show_more = get_from_cache(tags: tag_params.sort.join(',')) do + @stories, @show_more = get_from_cache(tags: tag_params.sort.join(",")) do paginate stories.tagged(@tags) end @title = @tags.map do |tag| - [tag.tag, tag.description].compact.join(' - ') - end.join(' ') - @above = 'multi_tag' + [tag.tag, tag.description].compact.join(" - ") + end.join(" ") + @above = {partial: "multi_tag", locals: {tags: @tags}} @rss_link = { title: "RSS 2.0 - Tagged #{tags_with_description_for_rss(@tags)}", - href: "/t/#{params[:tag]}.rss", + href: "/t/#{params[:tag]}.rss" } respond_to do |format| - format.html { render :action => "index" } - format.rss { render :action => "rss", :layout => false } - format.json { render :json => @stories } + format.html { render action: "index" } + format.rss { render action: "stories", layout: false } + format.json { render json: @stories } end end @@ -239,21 +236,43 @@ def for_domain @domain = Domain.find_by!(domain: params[:id]) @stories, @show_more = get_from_cache(domain: @domain.domain) do - paginate @domain.stories.base(@user).order('id desc') + paginate @domain.stories.base(@user).order("id desc") end @title = @domain.domain - @above = 'for_domain' + @above = {partial: "for_domain", locals: {domain: @domain, stories: @stories}} @rss_link = { title: "RSS 2.0 - For #{@domain.domain}", - href: "/domain/#{@domain.domain}.rss", + href: "/domains/#{@domain.domain}.rss" } respond_to do |format| - format.html { render :action => "index" } - format.rss { render :action => "rss", :layout => false } - format.json { render :json => @stories } + format.html { render action: "index" } + format.rss { render action: "stories", layout: false } + format.json { render json: @stories } + end + end + + def for_origin + @origin = Origin.find_by!(identifier: params[:identifier]) + + @stories, @show_more = get_from_cache(identifier: @origin.identifier) do + paginate @origin.stories.base(@user).order("id desc") + end + + @title = @origin.identifier + @above = {partial: "for_origin", locals: {origin: @origin, stories: @stories}} + + @rss_link = { + title: "RSS 2.0 - For #{@origin.identifier}", + href: "/origins/#{@origin.identifier}.rss" + } + + respond_to do |format| + format.html { render action: "index" } + format.rss { render action: "stories", layout: false } + format.json { render json: @stories } end end @@ -264,35 +283,35 @@ def top paginate stories.top(length) } - if length[:dur] > 1 - @title = "Top Stories of the Past #{length[:dur]} #{length[:intv]}" + @title = if length[:dur] > 1 + "Top Stories of the Past #{length[:dur]} #{length[:intv]}" else - @title = "Top Stories of the Past #{length[:intv]}" + "Top Stories of the Past #{length[:intv]}" end - @above = 'stories/subnav' + @above = "stories/subnav" @rss_link ||= { - :title => "RSS 2.0 - " + @title, - :href => "/top/rss", + title: "RSS 2.0 - " + @title, + href: "/top/rss" } respond_to do |format| - format.html { render :action => "index" } - format.rss { render :action => "rss", :layout => false } + format.html { render action: "index" } + format.rss { render action: "stories", layout: false } end end def upvoted @stories, @show_more = get_from_cache(upvoted: true, user: @user) { - paginate @user.upvoted_stories.includes(:tags).order('votes.id DESC') + paginate @user.upvoted_stories.includes(:tags).order("votes.id DESC") } @title = "Upvoted Stories" - @above = 'saved/subnav' + @above = "saved/subnav" @rss_link = { - :title => "RSS 2.0 - Upvoted Stories", - :href => user_token_link("/upvoted.rss"), + title: "RSS 2.0 - Upvoted Stories", + href: user_token_link("/upvoted.rss") } respond_to do |format| @@ -302,13 +321,13 @@ def upvoted @title += " - Private feed for #{@user.username}" end - render :action => "rss", :layout => false + render action: "stories", layout: false } - format.json { render :json => @stories } + format.json { render json: @stories } end end -private + private def filtered_tag_ids if @user @@ -326,7 +345,7 @@ def page p = params[:page].to_i if p == 0 p = 1 - elsif p < 0 || p > (2 ** 32) + elsif p < 0 || p > (2**32) raise ActionController::RoutingError.new("page out of bounds") end p @@ -336,13 +355,13 @@ def paginate(scope) StoriesPaginator.new(scope, page, @user).get end - def get_from_cache(opts = {}, &block) + def get_from_cache(opts = {}, &) if Rails.env.development? || @user || tags_filtered_by_cookie.any? yield else - key = opts.merge(page: page).sort.map {|k, v| "#{k}=#{v.to_param}" }.join(" ") + key = opts.merge(page: page).sort.map { |k, v| "#{k}=#{v.to_param}" }.join(" ") begin - Rails.cache.fetch("stories #{key}", :expires_in => 45, &block) + Rails.cache.fetch("stories #{key}", expires_in: 45, &) rescue Errno::ENOENT => e Rails.logger.error "error fetching stories #{key}: #{e}" yield @@ -355,6 +374,6 @@ def user_token_link(url) end def tags_with_description_for_rss(tags) - tags.map {|tag| "#{tag.tag} (#{tag.description})" }.join(' ') + tags.map { |tag| "#{tag.tag} (#{tag.description})" }.join(" ") end end diff --git a/benchmarks/lobsters/app/controllers/inbox_controller.rb b/benchmarks/lobsters/app/controllers/inbox_controller.rb index fe18b85c..8336aad6 100644 --- a/benchmarks/lobsters/app/controllers/inbox_controller.rb +++ b/benchmarks/lobsters/app/controllers/inbox_controller.rb @@ -1,3 +1,5 @@ +# typed: false + class InboxController < ApplicationController before_action :require_logged_in_user diff --git a/benchmarks/lobsters/app/controllers/invitations_controller.rb b/benchmarks/lobsters/app/controllers/invitations_controller.rb index 79f2f1a5..5d6f8e9f 100644 --- a/benchmarks/lobsters/app/controllers/invitations_controller.rb +++ b/benchmarks/lobsters/app/controllers/invitations_controller.rb @@ -1,5 +1,7 @@ +# typed: false + class InvitationsController < ApplicationController - before_action :require_logged_in_user, :except => [:build, :create_by_request, :confirm_email] + before_action :require_logged_in_user, except: [:build, :create_by_request, :confirm_email] before_action :show_title_h1 def build @@ -8,7 +10,7 @@ def build @invitation_request = InvitationRequest.new else flash[:error] = "Public invitation requests are not allowed." - return redirect_to "/login" + redirect_to "/login" end end @@ -19,11 +21,11 @@ def index return redirect_to "/" end - @invitation_requests = InvitationRequest.where(:is_verified => true) + @invitation_requests = InvitationRequest.where(is_verified: true) end def confirm_email - if !(ir = InvitationRequest.where(:code => params[:code].to_s).first) + if !(ir = InvitationRequest.where(code: params[:code].to_s).first) flash[:error] = "Invalid or expired invitation request" return redirect_to "/invitations/request" end @@ -31,9 +33,9 @@ def confirm_email ir.is_verified = true ir.save! - flash[:success] = "Your invitation request has been validated and " << - "will now be shown to other logged-in users." - return redirect_to "/invitations/request" + flash[:success] = "Your invitation request has been validated and " \ + "will now be shown to other logged-in users." + redirect_to "/invitations/request" end def create @@ -45,54 +47,55 @@ def create i = Invitation.new i.user_id = @user.id - i.email = params[:email] + i.email = params[:email].delete_prefix("mailto:").strip i.memo = params[:memo] begin i.save! i.send_email flash[:success] = "Successfully e-mailed invitation to " << - params[:email].to_s << "." + params[:email].to_s << "." rescue => e Rails.logger.error "Error creating invitation for #{params[:email]}: #{e.message}" - flash[:error] = "Could not send invitation, verify the e-mail " << - "address is valid." + flash[:error] = "Could not send invitation, verify the e-mail " \ + "address is valid." end if params[:return_home] - return redirect_to "/" + redirect_to "/" else - return redirect_to "/settings" + redirect_to "/settings" end end def create_by_request if Rails.application.allow_invitation_requests? @invitation_request = InvitationRequest.new( - params.require(:invitation_request).permit(:name, :email, :memo)) + params.require(:invitation_request).permit(:name, :email, :memo) + ) @invitation_request.ip_address = request.remote_ip if @invitation_request.save flash[:success] = "You have been e-mailed a confirmation to " << - params[:invitation_request][:email].to_s << "." - return redirect_to "/invitations/request" + params[:invitation_request][:email].to_s << "." + redirect_to "/invitations/request" else - render :action => :build + render action: :build end else - return redirect_to "/login" + redirect_to "/login" end end def send_for_request if !@user.can_see_invitation_requests? - flash[:error] = "Your account is not permitted to view invitation " << - "requests." + flash[:error] = "Your account is not permitted to view invitation " \ + "requests." return redirect_to "/" end - if !(ir = InvitationRequest.where(:code => params[:code].to_s).first) + if !(ir = InvitationRequest.where(code: params[:code].to_s).first) flash[:error] = "Invalid or expired invitation request" return redirect_to "/invitations" end @@ -104,12 +107,12 @@ def send_for_request i.send_email ir.destroy! flash[:success] = "Successfully e-mailed invitation to " << - ir.name.to_s << "." + ir.name.to_s << "." Rails.logger.info "[u#{@user.id}] sent invitiation for request " << - ir.inspect + ir.inspect - return redirect_to "/invitations" + redirect_to "/invitations" end def delete_request @@ -117,18 +120,18 @@ def delete_request return redirect_to "/invitations" end - if !(ir = InvitationRequest.where(:code => params[:code].to_s).first) + if !(ir = InvitationRequest.where(code: params[:code].to_s).first) flash[:error] = "Invalid or expired invitation request" return redirect_to "/invitations" end ir.destroy! flash[:success] = "Successfully deleted invitation request from " << - ir.name.to_s << "." + ir.name.to_s << "." - Rails.logger.info "[u#{@user.id}] deleted invitation request " << - "from #{ir.inspect}" + Rails.logger.info "[u#{@user.id}] deleted invitation request " \ + "from #{ir.inspect}" - return redirect_to "/invitations" + redirect_to "/invitations" end end diff --git a/benchmarks/lobsters/app/controllers/jobs_mod_controller.rb b/benchmarks/lobsters/app/controllers/jobs_mod_controller.rb new file mode 100644 index 00000000..e068b968 --- /dev/null +++ b/benchmarks/lobsters/app/controllers/jobs_mod_controller.rb @@ -0,0 +1,7 @@ +# rubocop:disable Rails/ApplicationController +class JobsModController < ActionController::Base + include Authenticatable + + before_action :require_logged_in_moderator +end +# rubocop:enable Rails/ApplicationController diff --git a/benchmarks/lobsters/app/controllers/keybase_proofs_controller.rb b/benchmarks/lobsters/app/controllers/keybase_proofs_controller.rb index d9d743b0..f8b05d01 100644 --- a/benchmarks/lobsters/app/controllers/keybase_proofs_controller.rb +++ b/benchmarks/lobsters/app/controllers/keybase_proofs_controller.rb @@ -1,3 +1,5 @@ +# typed: false + class KeybaseProofsController < ApplicationController before_action :require_logged_in_user, only: [:new, :create, :destroy] before_action :check_new_params, only: :new @@ -19,10 +21,10 @@ def create if Keybase.proof_valid?(kb_username, kb_signature, @user.username) @user.add_or_update_keybase_proof(kb_username, kb_signature) @user.save! - return redirect_to Keybase.success_url(kb_username, kb_signature, kb_ua, @user.username) + redirect_to Keybase.success_url(kb_username, kb_signature, kb_ua, @user.username), allow_other_host: true else flash[:error] = "Failed to connect your account to Keybase. Try again from Keybase." - return redirect_to settings_path + redirect_to settings_path end end @@ -37,21 +39,21 @@ def destroy def kbconfig return render json: {} unless Keybase.enabled? - @domain = Keybase.DOMAIN + @domain = Rails.application.credentials.keybase.domain @name = Rails.application.name @brand_color = "#AC130D" @description = "Computing-focused community centered around link aggregation and discussion" - @contacts = ["admin@#{Keybase.DOMAIN}"] + @contacts = ["admin@#{@domain}"] @prefill_url = "#{new_keybase_proof_url}?kb_username=%{kb_username}&" \ "kb_signature=%{sig_hash}&kb_ua=%{kb_ua}&username=%{username}" - @profile_url = "#{u_url}/%{username}" - @check_url = "#{u_url}/%{username}.json" + @profile_url = "/~%{username}" + @check_url = "/~%{username}.json" @logo_black = "https://lobste.rs/small-black-logo.svg" @logo_full = "https://lobste.rs/full-color.logo.svg" @user_re = User.username_regex_s[1...-1] end -private + private def force_to_json request.format = :json @@ -60,7 +62,7 @@ def force_to_json def check_user_matches unless case_insensitive_match?(@user.username, params[:username]) flash[:error] = "not logged in as the correct user" - return redirect_to settings_path + redirect_to settings_path end end diff --git a/benchmarks/lobsters/app/controllers/login_controller.rb b/benchmarks/lobsters/app/controllers/login_controller.rb index 82387fe9..5774db80 100644 --- a/benchmarks/lobsters/app/controllers/login_controller.rb +++ b/benchmarks/lobsters/app/controllers/login_controller.rb @@ -1,14 +1,22 @@ +# typed: false + class LoginBannedError < StandardError; end + class LoginDeletedError < StandardError; end + class LoginTOTPFailedError < StandardError; end + class LoginWipedError < StandardError; end + class LoginFailedError < StandardError; end +class LoginPasswordTooLong < StandardError; end + class LoginController < ApplicationController before_action :authenticate_user - before_action :check_for_read_only_mode, :except => [:index] + before_action :check_for_read_only_mode, except: [:index] before_action :require_no_user_or_redirect, - only: [:index, :login, :forgot_password, :reset_password] + only: [:index, :login, :forgot_password, :reset_password] before_action :show_title_h1 def logout @@ -22,14 +30,14 @@ def logout def index @title = "Login" @referer ||= request.referer - render :action => "index" end def login - if params[:email].to_s.match(/@/) - user = User.where(:email => params[:email]).first + @title = "Login" + user = if /@/.match?(params[:email].to_s) + User.where(email: params[:email]).first else - user = User.where(:username => params[:email]).first + User.where(username: params[:email]).first end fail_reason = nil @@ -43,6 +51,11 @@ def login raise LoginWipedError end + # BCrypt accepts a max of 72 bytes (not characters!), bug #1277 + if params[:password].to_s.bytesize > 72 + raise LoginPasswordTooLong + end + if !user.authenticate(params[:password].to_s) raise LoginFailedError end @@ -55,9 +68,9 @@ def login raise LoginDeletedError end - if !user.password_digest.to_s.match(/^\$2a\$#{BCrypt::Engine::DEFAULT_COST}\$/) + if !user.password_digest.to_s.match(/^\$2a\$#{BCrypt::Engine::DEFAULT_COST}\$/o) user.password = user.password_confirmation = params[:password].to_s - user.save + user.save! end if user.has_2fa? && !Rails.env.development? @@ -82,27 +95,30 @@ def login end return redirect_to "/" + rescue LoginFailedError + fail_reason = "Invalid e-mail address and/or password." rescue LoginWipedError - fail_reason = "Your account was banned or deleted before the site changed admins. " << - "Your email and password hash were wiped for privacy." + fail_reason = "Your account was banned or deleted before the site changed admins. " \ + "Your email and password hash were wiped for privacy." + rescue LoginPasswordTooLong + fail_reason = "BCrypt passwords need to be less than 72 bytes, you'll have to reset to set a shorter one, sorry for the hassle." rescue LoginBannedError fail_reason = "Your account has been banned. Log: #{user.banned_reason}" + ModNote.tattle_on_banned_login(user) rescue LoginDeletedError - fail_reason = "Your account has been deleted." + fail_reason = "You deleted your account." + ModNote.tattle_on_deleted_login(user) rescue LoginTOTPFailedError fail_reason = "Your TOTP code was invalid." - rescue LoginFailedError - fail_reason = "Invalid e-mail address and/or password." end flash.now[:error] = fail_reason @referer = params[:referer] - index + render "index" end def forgot_password @title = "Reset Password" - render :action => "forgot_password" end def reset_password @@ -120,24 +136,24 @@ def reset_password end if @found_user.is_wiped? - flash.now[:error] = "It's not possible to reset your password " << - "because your account was deleted before the site changed admins " << - "and your email address was wiped for privacy." + flash.now[:error] = "It's not possible to reset your password " \ + "because your account was deleted before the site changed admins " \ + "and your email address was wiped for privacy." return forgot_password end @found_user.initiate_password_reset_for_ip(request.remote_ip) flash.now[:success] = "Password reset instructions have been e-mailed to you." - return index + render "index" end def set_new_password @title = "Set New Password" if (m = params[:token].to_s.match(/^(\d+)-/)) && - (Time.current - Time.zone.at(m[1].to_i)) < 24.hours - @reset_user = User.where(:password_reset_token => params[:token].to_s).first + (Time.current - Time.zone.at(m[1].to_i)) < 24.hours + @reset_user = User.where(password_reset_token: params[:token].to_s).first end if @reset_user && !@reset_user.is_banned? @@ -154,30 +170,30 @@ def set_new_password if @reset_user.save && @reset_user.is_active? if @reset_user.has_2fa? flash[:success] = "Your password has been reset." - return redirect_to "/login" + redirect_to "/login" else session[:u] = @reset_user.session_token - return redirect_to "/" + redirect_to "/" end else flash[:error] = "Could not reset password." end end else - flash[:error] = "Invalid reset token. It may have already been " << - "used or you may have copied it incorrectly." - return redirect_to forgot_password_path + flash[:error] = "Invalid reset token. It may have already been " \ + "used or you may have copied it incorrectly." + redirect_to forgot_password_path end end def twofa @title = "Login - Two Factor Authentication" if (tmpu = find_twofa_user) - Rails.logger.info " Authenticated as user #{tmpu.id} " << - "(#{tmpu.username}), verifying TOTP" + Rails.logger.info " Authenticated as user #{tmpu.id} " \ + "(#{tmpu.username}), verifying TOTP" else reset_session - return redirect_to "/login" + redirect_to "/login" end end @@ -186,18 +202,18 @@ def twofa_verify if (tmpu = find_twofa_user) && tmpu.authenticate_totp(params[:totp_code]) session[:u] = tmpu.session_token session.delete(:twofa_u) - return redirect_to "/" + redirect_to "/" else flash[:error] = "Your TOTP code did not match. Please try again." - return redirect_to "/login/2fa" + redirect_to "/login/2fa" end end -private + private def find_twofa_user if session[:twofa_u].present? - return User.where(:session_token => session[:twofa_u]).first + User.where(session_token: session[:twofa_u]).first end end end diff --git a/benchmarks/lobsters/app/controllers/messages_controller.rb b/benchmarks/lobsters/app/controllers/messages_controller.rb index 549fa308..0bba14a2 100644 --- a/benchmarks/lobsters/app/controllers/messages_controller.rb +++ b/benchmarks/lobsters/app/controllers/messages_controller.rb @@ -1,7 +1,9 @@ +# typed: false + class MessagesController < ApplicationController before_action :require_logged_in_user before_action :require_logged_in_moderator, only: [:mod_note] - before_action :find_message, :only => [:show, :destroy, :keep_as_new, :mod_note] + before_action :find_message, only: [:show, :destroy, :keep_as_new, :mod_note] before_action :show_title_h1 def index @@ -21,7 +23,7 @@ def index end } format.json { - render :json => @messages + render json: @messages } end end @@ -38,10 +40,10 @@ def sent @new_message = Message.new - render :action => "index" + render action: "index" } format.json { - render :json => @messages + render json: @messages } end end @@ -51,6 +53,7 @@ def create @new_message = Message.new(message_params) @new_message.author_user_id = @user.id + @new_message.hat = @user.wearable_hats.find_by(short_id: params[:message][:hat_id]) @direction = :out @@ -58,12 +61,11 @@ def create if @user.is_moderator? && @new_message.mod_note ModNote.create_from_message(@new_message, @user) end - flash[:success] = "Your message has been sent to " << - @new_message.recipient.username.to_s << "." - return redirect_to "/messages" + flash[:success] = "Your message has been sent to #{@new_message.recipient.username}." + redirect_to "/messages" else @messages = Message.inbox(@user).load - render :action => "index" + render action: "index" end end @@ -72,19 +74,19 @@ def show if @message.author @new_message = Message.new - @new_message.recipient_username = (@message.author_user_id == @user.id ? + @new_message.recipient_username = ((@message.author_user_id == @user.id) ? @message.recipient.username : @message.author.username) - if @message.subject.match(/^re:/i) - @new_message.subject = @message.subject + @new_message.subject = if /^re:/i.match?(@message.subject) + @message.subject else - @new_message.subject = "Re: #{@message.subject}" + "Re: #{@message.subject}" end end if @message.recipient_user_id == @user.id @message.has_been_read = true - @message.save + @message.save! end Rails.cache.delete("user:#{@user.id}:unread_replies") end @@ -103,9 +105,9 @@ def destroy flash[:success] = "Deleted message." if @message.author_user_id == @user.id - return redirect_to "/messages/sent" + redirect_to "/messages/sent" else - return redirect_to "/messages" + redirect_to "/messages" end end @@ -114,7 +116,7 @@ def batch_delete params.each do |k, v| if (v.to_s == "1") && (m = k.match(/^delete_(.+)$/)) - if (message = Message.where(:short_id => m[1]).first) + if (message = Message.where(short_id: m[1]).first) ok = false if message.author_user_id == @user.id message.deleted_by_author = true @@ -133,27 +135,27 @@ def batch_delete end end - flash[:success] = "Deleted #{deleted} #{'message'.pluralize(deleted)}" + flash[:success] = "Deleted #{deleted} #{"message".pluralize(deleted)}" @user.update_unread_message_count! - return redirect_to "/messages" + redirect_to "/messages" end def keep_as_new @message.has_been_read = false - @message.save + @message.save! - return redirect_to "/messages" + redirect_to "/messages" end def mod_note ModNote.create_from_message(@message, @user) - return redirect_to @message, notice: 'ModNote created' + redirect_to @message, notice: "ModNote created" end -private + private def message_params params.require(:message).permit( @@ -163,7 +165,7 @@ def message_params end def find_message - if (@message = Message.where(:short_id => params[:message_id] || params[:id]).first) + if (@message = Message.where(short_id: params[:message_id] || params[:id]).first) if @message.author_user_id == @user.id || @message.recipient_user_id == @user.id return true end @@ -171,6 +173,6 @@ def find_message flash[:error] = "Could not find message." redirect_to "/messages" - return false + false end end diff --git a/benchmarks/lobsters/app/controllers/mod/moderator_controller.rb b/benchmarks/lobsters/app/controllers/mod/moderator_controller.rb new file mode 100644 index 00000000..39d26a3f --- /dev/null +++ b/benchmarks/lobsters/app/controllers/mod/moderator_controller.rb @@ -0,0 +1,3 @@ +class Mod::ModeratorController < ApplicationController + before_action :require_logged_in_moderator +end diff --git a/benchmarks/lobsters/app/controllers/mod/reparents_controller.rb b/benchmarks/lobsters/app/controllers/mod/reparents_controller.rb new file mode 100644 index 00000000..3883fa6b --- /dev/null +++ b/benchmarks/lobsters/app/controllers/mod/reparents_controller.rb @@ -0,0 +1,35 @@ +class Mod::ReparentsController < Mod::ModeratorController + before_action :require_logged_in_admin + before_action :load_user + + def new + end + + def create + if params[:reason].blank? + return redirect_to new_mod_reparent_path({}, id: @reparent_user), flash: {error: "Reason can't be blank."} + end + + User.transaction do + ModNote.record_reparent!(@reparent_user, @user, params[:reason]) + @reparent_user.invited_by_user = @user + @reparent_user.save! + Moderation.create!({ + moderator: @user, + user: @reparent_user, + action: "Reparented user to be invited by #{@user.username}", + reason: params[:reason] + }) + end + Rails.cache.delete("users_tree_#{User.last.id}") # UsersController#tree + + redirect_to user_path(@reparent_user), flash: {success: "User been has reparented to you."} + end + + private + + def load_user + params.require(:id) + @reparent_user = User.find_by! username: params[:id] + end +end diff --git a/benchmarks/lobsters/app/controllers/mod/stories_controller.rb b/benchmarks/lobsters/app/controllers/mod/stories_controller.rb new file mode 100644 index 00000000..6375bfbd --- /dev/null +++ b/benchmarks/lobsters/app/controllers/mod/stories_controller.rb @@ -0,0 +1,68 @@ +class Mod::StoriesController < Mod::ModeratorController + include StoryFinder + + before_action :find_story! + before_action :show_title_h1 + + def edit + @title = "Edit Story" + + if @story.merged_into_story + @story.merge_story_short_id = @story.merged_into_story.short_id + User.update_counters @story.user_id, karma: (@story.votes.count * -2) + end + end + + def update + @story.is_deleted = false + @story.editor = @user + @story.attributes = story_params + + if @story.save + redirect_to @story.comments_path + else + render action: "edit" + end + end + + def undelete + @story.is_deleted = false + @story.editor = @user + @story.attributes = story_params + + if @story.save + Keystore.increment_value_for("user:#{@story.user.id}:stories_deleted", -1) + end + + redirect_to @story.comments_path + end + + def destroy + @story.attributes = story_params + + if @story.user_id != @user.id && @story.moderation_reason.blank? + @story.errors.add(:moderation_reason, message: "is required") + return render action: "edit" + end + + @story.is_deleted = true + @story.editor = @user + + if @story.save + Keystore.increment_value_for("user:#{@story.user.id}:stories_deleted") + Mastodon.delete_post(@story) + end + + redirect_to @story.comments_path + end + + private + + def story_params + params.require(:story).permit( + :title, :url, :description, :moderation_reason, + :merge_story_short_id, :is_unavailable, :user_is_author, :user_is_following, + tags_a: [] + ) + end +end diff --git a/benchmarks/lobsters/app/controllers/mod_controller.rb b/benchmarks/lobsters/app/controllers/mod_controller.rb index 8fe3a03c..0a1ab253 100644 --- a/benchmarks/lobsters/app/controllers/mod_controller.rb +++ b/benchmarks/lobsters/app/controllers/mod_controller.rb @@ -1,3 +1,5 @@ +# typed: false + # This controller is going to have a lot of one-off queries. If they do need # to be used elsewhere, remember to make them into model scopes. @@ -9,15 +11,16 @@ class ModController < ApplicationController def index @title = "Activity by Other Mods" @moderations = Moderation.all - .eager_load(:moderator, :story, :tag, :user, :comment => [:story, :user]) + .eager_load(:moderator, :story, :tag, :user, comment: [:story, :user]) .where("moderator_user_id != ? or moderator_user_id is null", @user.id) - .where('moderations.created_at >= (NOW() - INTERVAL 1 MONTH)') - .order('moderations.id desc') + # CHANGE: + .where("moderations.created_at >= DATE(('NOW', '-1 month')") + .order("moderations.id desc") end def flagged_stories @title = "Flagged Stories" - @stories = period(Story.includes(:tags).unmerged + @stories = period(Story.base(@user).unmerged .includes(:user, :tags) .where("flags > 1") .order("stories.id DESC")) @@ -26,7 +29,7 @@ def flagged_stories def flagged_comments @title = "Flagged Comments" @comments = period(Comment - .eager_load(:user, :hat, :story => :user, :votes => :user) + .eager_load(:user, :hat, story: :user, votes: :user) .where("comments.flags >= 2") .where("(select count(*) from votes where votes.comment_id = comments.id and @@ -43,10 +46,10 @@ def commenters @commenters = fc.commenters end -private + private def default_periods - @periods = %w{1d 2d 3d 1w 1m} + @periods = %w[1d 2d 3d 1w 1m] end def period(query) diff --git a/benchmarks/lobsters/app/controllers/mod_notes_controller.rb b/benchmarks/lobsters/app/controllers/mod_notes_controller.rb index a73a26b5..01779374 100644 --- a/benchmarks/lobsters/app/controllers/mod_notes_controller.rb +++ b/benchmarks/lobsters/app/controllers/mod_notes_controller.rb @@ -1,10 +1,12 @@ +# typed: false + class ModNotesController < ModController before_action :require_logged_in_moderator def index @title = "Mod Notes" @username = params[:username] - query = ModNote.order('created_at desc').includes(:moderator, :user) + query = ModNote.order("created_at desc").includes(:moderator, :user) if (@username = params[:username]) if (user = User.find_by(username: @username)) @title = "#{@username} Mod Notes" @@ -23,15 +25,15 @@ def create @mod_note = ModNote.new(mod_note_params) @mod_note.moderator = @user if @mod_note.save - redirect_to user_path(@mod_note.user), success: 'Noted' + redirect_to user_path(@mod_note.user), success: "Noted" else # This is bad and needs to change if note ever has non-trivial validation redirect_to user_path(@mod_note.user), - error: "Invalid note and Peter half-assed the error handling" + error: "Invalid note and Peter half-assed the error handling" end end -private + private def mod_note_params params.require(:mod_note).permit(:username, :note) diff --git a/benchmarks/lobsters/app/controllers/moderations_controller.rb b/benchmarks/lobsters/app/controllers/moderations_controller.rb index 3421ee1f..0fc52398 100644 --- a/benchmarks/lobsters/app/controllers/moderations_controller.rb +++ b/benchmarks/lobsters/app/controllers/moderations_controller.rb @@ -1,3 +1,5 @@ +# typed: false + class ModerationsController < ApplicationController ENTRIES_PER_PAGE = 50 @@ -5,55 +7,64 @@ class ModerationsController < ApplicationController def index @title = "Moderation Log" - @moderators = ['(All)', '(Users)'] + User.moderators.map(&:username) + @moderators = ["(All)", "(Users)"] + User.moderators.map(&:username) - @moderator = params.fetch('moderator', '(All)') + @moderator = moderation_params.fetch("moderator", "(All)") @what = { - :stories => params.dig(:what, :stories), - :comments => params.dig(:what, :comments), - :tags => params.dig(:what, :tags), - :users => params.dig(:what, :users), - :domains => params.dig(:what, :domains), - :categories => params.dig(:what, :categories), + stories: moderation_params.dig(:what, :stories), + comments: moderation_params.dig(:what, :comments), + tags: moderation_params.dig(:what, :tags), + users: moderation_params.dig(:what, :users), + domains: moderation_params.dig(:what, :domains), + origins: moderation_params.dig(:what, :origins), + categories: moderation_params.dig(:what, :categories) } @what.transform_values! { true } if @what.values.none? @moderations = Moderation.all.eager_load(:moderator, - :story, - :comment, - :tag, - :user, - :domain, - :category) + :story, + {comment: [:story, :user]}, + :tag, + :user, + :domain, + :origin, + :category) # filter based on target @moderations = case @moderator - when '(All)' + when "(All)" @moderations - when '(Users)' + when "(Users)" @moderations.where("is_from_suggestions = true") else - @moderations.joins(:moderator).where(:users => { :username => @moderator }) + @moderations.joins(:moderator).where(users: {username: @moderator}) end # filter based on type of thing moderated @what.each do |type, checked| next if checked - @moderations = @moderations.where("`moderations`.`#{type.to_s.singularize}_id` is null") + @moderations = @moderations.where("#{type.to_s.singularize}_id": nil) end # paginate @pages = (@moderations.count / ENTRIES_PER_PAGE).ceil - @page = params[:page].to_i + @page = moderation_params[:page].to_i if @page == 0 @page = 1 - elsif @page < 0 || @page > (2 ** 32) || @page > @pages + elsif @page < 0 || @page > (2**32) || @page > @pages raise ActionController::RoutingError.new("page out of bounds") end @moderations = @moderations - .offset((@page - 1) * ENTRIES_PER_PAGE) - .order("moderations.created_at desc") - .limit(ENTRIES_PER_PAGE) + .offset((@page - 1) * ENTRIES_PER_PAGE) + .order("moderations.created_at desc") + .limit(ENTRIES_PER_PAGE) + end + + private + + def moderation_params + @moderation_params ||= params.permit(:moderator, :page, + what: %i[stories comments tags users domains origins categories]) end end diff --git a/benchmarks/lobsters/app/controllers/origins_controller.rb b/benchmarks/lobsters/app/controllers/origins_controller.rb new file mode 100644 index 00000000..a8b3d89c --- /dev/null +++ b/benchmarks/lobsters/app/controllers/origins_controller.rb @@ -0,0 +1,49 @@ +# typed: false + +class OriginsController < ApplicationController + before_action :require_logged_in_moderator, only: [:edit, :update] + before_action :find_or_initialize_origin, only: [:edit, :update] + + def edit + end + + def update + @origin.assign_attributes(origin_params) + if params[:commit] == "Ban" + @origin.ban_by_user_for_reason! @user, origin_params[:banned_reason] + elsif params[:commit] == "Unban" + @origin.unban_by_user_for_reason! @user, origin_params[:banned_reason] + end + if @origin.save + flash[:success] = "Origin edited" + redirect_to origin_path(@origin) + else + render :edit + end + end + + def for_domain + @domain = Domain.find_by!(domain: params[:id]) + @origins = @domain.origins.order(identifier: :asc) + end + + private + + def origin_params + params.require(:origin).permit(:banned_reason) + end + + def find_or_initialize_origin + @origin = Origin.find_by! identifier: params[:identifier] + end + + def caption_of_button(origin) + if origin.new_record? + "Create and Ban" + else + origin.banned_at ? "Unban" : "Ban" + end + end + + helper_method :caption_of_button +end diff --git a/benchmarks/lobsters/app/controllers/replies_controller.rb b/benchmarks/lobsters/app/controllers/replies_controller.rb index a5b58409..b78b185b 100644 --- a/benchmarks/lobsters/app/controllers/replies_controller.rb +++ b/benchmarks/lobsters/app/controllers/replies_controller.rb @@ -1,7 +1,9 @@ +# typed: false + class RepliesController < ApplicationController REPLIES_PER_PAGE = 25 - before_action :require_logged_in_user, :flag_warning, :set_page, :show_title_h1 + before_action :require_logged_in_user, :set_page, :show_title_h1 after_action :update_read_ribbons, only: [:unread] after_action :clear_unread_replies_cache, only: [:comments, :stories] after_action :zero_unread_replies_cache, only: [:all, :unread] @@ -10,9 +12,9 @@ def all @title = "All Your Replies" @replies = ReplyingComment - .for_user(@user.id) - .offset((@page - 1) * REPLIES_PER_PAGE) - .limit(REPLIES_PER_PAGE) + .for_user(@user.id) + .offset((@page - 1) * REPLIES_PER_PAGE) + .limit(REPLIES_PER_PAGE) apply_current_vote render :show end @@ -20,9 +22,9 @@ def all def comments @title = "Your Comment Replies" @replies = ReplyingComment - .comment_replies_for(@user.id) - .offset((@page - 1) * REPLIES_PER_PAGE) - .limit(REPLIES_PER_PAGE) + .comment_replies_for(@user.id) + .offset((@page - 1) * REPLIES_PER_PAGE) + .limit(REPLIES_PER_PAGE) apply_current_vote render :show end @@ -30,9 +32,9 @@ def comments def stories @title = "Your Story Replies" @replies = ReplyingComment - .story_replies_for(@user.id) - .offset((@page - 1) * REPLIES_PER_PAGE) - .limit(REPLIES_PER_PAGE) + .story_replies_for(@user.id) + .offset((@page - 1) * REPLIES_PER_PAGE) + .limit(REPLIES_PER_PAGE) apply_current_vote render :show end @@ -44,17 +46,19 @@ def unread render :show end -private + private # comments/_comment expects Comment objects to have a comment_vote attribute # with the current user's vote added by StoriesController.load_user_votes def apply_current_vote + summaries = Vote.comment_vote_summaries(@replies.map { |r| r.comment.id }) @replies.each do |r| - next unless r.current_vote_vote.present? + next if r.current_vote_vote.blank? r.comment.current_vote = { vote: r.current_vote_vote, - reason: r.current_vote_reason.to_s, + reason: r.current_vote_reason.to_s } + r.comment.vote_summary = summaries[r.comment.id] end end @@ -70,7 +74,7 @@ def set_page @page = params[:page].to_i if @page == 0 @page = 1 - elsif @page < 0 || @page > (2 ** 32) + elsif @page < 0 || @page > (2**32) raise ActionController::RoutingError.new("page out of bounds") end end diff --git a/benchmarks/lobsters/app/controllers/search_controller.rb b/benchmarks/lobsters/app/controllers/search_controller.rb index 2c7a505e..0889ed14 100644 --- a/benchmarks/lobsters/app/controllers/search_controller.rb +++ b/benchmarks/lobsters/app/controllers/search_controller.rb @@ -1,29 +1,43 @@ +# typed: false + class SearchController < ApplicationController before_action :show_title_h1 + before_action :ignore_searx def index @title = "Search" - @search = Search.new - - if params[:q].to_s.present? - @search.q = params[:q].to_s + @search = Search.new(search_params, @user) - if params[:what].present? - @search.what = params[:what] + if @user && @search.results + summaries = {} + if params[:what] == "stories" + votes = Vote.story_votes_by_user_for_story_ids_hash(@user.id, @search.results.map(&:id)) end - if params[:order].present? - @search.order = params[:order] + if params[:what] == "comments" + comment_ids = @search.results.map(&:id) + votes = Vote.comment_votes_by_user_for_comment_ids_hash(@user.id, comment_ids) + summaries = Vote.comment_vote_summaries(comment_ids) end - if params[:page].present? - @search.page = params[:page].to_i - end - - if @search.valid? - @search.search_for_user!(@user) + @search.results.each do |r| + r.current_vote = votes.try(:[], r.id) + r.vote_summary = summaries[r.id] if params[:what] == "comments" end end + end + + private + + # searx is a meta-search engine, instances send endless garbage traffic to our most-expensive + # endpoint https://github.com/searx/searx/blob/master/searx/settings.yml#L807 + # If you are maintaining a searx fork, please don't 'fix' your targeting of this site. + def ignore_searx + return unless params[:utf8] == "✓" + @search = Search.new({results_count: 0}, nil) + render :index + end - render :action => "index" + def search_params + params.permit(:q, :what, :order, :page, :authenticity_token) end end diff --git a/benchmarks/lobsters/app/controllers/settings_controller.rb b/benchmarks/lobsters/app/controllers/settings_controller.rb index 8d1f5b60..39059471 100644 --- a/benchmarks/lobsters/app/controllers/settings_controller.rb +++ b/benchmarks/lobsters/app/controllers/settings_controller.rb @@ -1,3 +1,5 @@ +# typed: false + class SettingsController < ApplicationController before_action :require_logged_in_user, :show_title_h1 @@ -10,7 +12,7 @@ def index end def delete_account - unless params[:user][:i_am_sure] == '1' + unless params[:user][:i_am_sure] == "1" flash[:error] = 'You did not check the "I am sure" checkbox.' return redirect_to settings_path end @@ -21,13 +23,13 @@ def delete_account @user.delete! disown_text = "" - if params[:user][:disown] == '1' + if params[:user][:disown] == "1" disown_text = " and disowned your stories and comments." InactiveUser.disown_all_by_author! @user end reset_session flash[:success] = "You have deleted your account#{disown_text}. Bye." - return redirect_to "/" + redirect_to "/" end def update @@ -35,15 +37,16 @@ def update @edit_user = @user.clone if params[:user][:password].empty? || - @user.authenticate(params[:current_password].to_s) + @user.authenticate(params[:current_password].to_s) @edit_user.roll_session_token if params[:user][:password] if @edit_user.update(user_params) if @edit_user.username != previous_username + # sync this message to username field app/views/settings/index.html Moderation.create!( is_from_suggestions: true, user: @edit_user, - action: "changed own username from \"#{previous_username}\" " << - "to \"#{@edit_user.username}\"", + action: "changed own username from \"#{previous_username}\" " \ + "to \"#{@edit_user.username}\"" ) end session[:u] = @user.session_token if params[:user][:password] @@ -54,7 +57,7 @@ def update flash[:error] = "Your current password was not entered correctly." end - render :action => "index" + render action: "index" end def twofa @@ -69,13 +72,13 @@ def twofa_auth if @user.has_2fa? @user.disable_2fa! flash[:success] = "Two-Factor Authentication has been disabled." - return redirect_to "/settings" + redirect_to "/settings" else - return redirect_to twofa_enroll_url + redirect_to twofa_enroll_url end else flash[:error] = "Your password was not correct." - return redirect_to twofa_url + redirect_to twofa_url end end @@ -91,15 +94,15 @@ def twofa_enroll session[:totp_secret] = ROTP::Base32.random end - totp = ROTP::TOTP.new(session[:totp_secret], :issuer => Rails.application.name) + totp = ROTP::TOTP.new(session[:totp_secret], issuer: Rails.application.name) totp_url = totp.provisioning_uri(@user.email) qrcode = RQRCode::QRCode.new(totp_url) qr = qrcode.as_svg(offset: 0, - fill: "ffffff", - color: "000", - module_size: 5, - shape_rendering: "crispEdges") + fill: "ffffff", + color: "000", + module_size: 5, + shape_rendering: "crispEdges") @qr_secret = totp.secret @qr_svg = "#{qr}" @@ -109,15 +112,15 @@ def twofa_verify @title = "Two-Factor Authentication" if ((Time.now.to_i - session[:last_authed].to_i) > TOTP_SESSION_TIMEOUT) || - !session[:totp_secret] + !session[:totp_secret] flash[:error] = "Your enrollment period timed out." - return redirect_to twofa_url + redirect_to twofa_url end end def twofa_update if ((Time.now.to_i - session[:last_authed].to_i) > TOTP_SESSION_TIMEOUT) || - !session[:totp_secret] + !session[:totp_secret] flash[:error] = "Your enrollment period timed out." return redirect_to twofa_url end @@ -132,38 +135,38 @@ def twofa_update flash[:success] = "Two-Factor Authentication has been enabled on your account." session.delete(:totp_secret) - return redirect_to "/settings" + redirect_to "/settings" else - flash[:error] = "Your TOTP code was invalid, please verify the " << - "current code in your TOTP application." - return redirect_to twofa_verify_url + flash[:error] = "Your TOTP code was invalid, please verify the " \ + "current code in your TOTP application." + redirect_to twofa_verify_url end end # external services def pushover_auth - if !Pushover.SUBSCRIPTION_CODE + if !Pushover.enabled? flash[:error] = "This site is not configured for Pushover" return redirect_to "/settings" end session[:pushover_rand] = SecureRandom.hex - return redirect_to Pushover.subscription_url( - :success => "#{Rails.application.root_url}settings/pushover_callback?" << + redirect_to Pushover.subscription_url( + success: "#{Rails.application.root_url}settings/pushover_callback?" \ "rand=#{session[:pushover_rand]}", - :failure => "#{Rails.application.root_url}settings/", - ) + failure: "#{Rails.application.root_url}settings/" + ), allow_other_host: true end def pushover_callback - if !session[:pushover_rand].to_s.present? + if session[:pushover_rand].to_s.blank? flash[:error] = "No random token present in session" return redirect_to "/settings" end - if !params[:rand].to_s.present? + if params[:rand].to_s.blank? flash[:error] = "No random token present in URL" return redirect_to "/settings" end @@ -175,100 +178,106 @@ def pushover_callback @user.pushover_user_key = params[:pushover_user_key].to_s @user.save! - if @user.pushover_user_key.present? - flash[:success] = "Your account is now setup for Pushover notifications." + flash[:success] = if @user.pushover_user_key.present? + "Your account is now setup for Pushover notifications." else - flash[:success] = "Your account is no longer setup for Pushover notifications." + "Your account is no longer setup for Pushover notifications." end - return redirect_to "/settings" + redirect_to "/settings" end - def github_auth - session[:github_state] = SecureRandom.hex - return redirect_to Github.oauth_auth_url(session[:github_state]) + def mastodon_authentication end - def github_callback - if !session[:github_state].present? || - !params[:code].present? || - (params[:state].to_s != session[:github_state].to_s) - flash[:error] = "Invalid OAuth state" - return redirect_to "/settings" + def mastodon_auth + app = MastodonApp.find_or_register(params[:mastodon_instance_name]) + if app.persisted? + redirect_to app.oauth_auth_url, allow_other_host: true + else + redirect_to settings_path, flash: {error: app.errors.full_messages.join(" ")} end + end - session.delete(:github_state) + def mastodon_callback + if params[:code].blank? + flash[:error] = "Invalid OAuth state" + return redirect_to settings_path + end - tok, username = Github.token_and_user_from_code(params[:code]) + app = MastodonApp.find_or_register(params[:instance]) + tok, username = app.token_and_user_from_code(params[:code]) if tok.present? && username.present? - @user.github_oauth_token = tok - @user.github_username = username + @user.mastodon_oauth_token = tok + @user.mastodon_username = username + @user.mastodon_instance = params[:instance] @user.save! - flash[:success] = "Your account has been linked to GitHub user #{username}." + flash[:success] = "Linked to Mastodon user @#{username}@#{app.name}." else - return github_disconnect + flash[:error] = app.errors.full_messages.join(" ") + return mastodon_disconnect end - return redirect_to "/settings" + redirect_to settings_path end - def github_disconnect - @user.github_oauth_token = nil - @user.github_username = nil + def mastodon_disconnect + if (app = MastodonApp.find_by(name: @user.mastodon_instance)) + app.revoke_token(@user.mastodon_oauth_token) + end + @user.mastodon_instance = nil + @user.mastodon_oauth_token = nil + @user.mastodon_username = nil @user.save! - flash[:success] = "Your GitHub association has been removed." - return redirect_to "/settings" + # action may be called to tear down a failed auth + flash[:success] = "Your Mastodon association has been removed." if flash.empty? + redirect_to settings_path end - def twitter_auth - session[:twitter_state] = SecureRandom.hex - return redirect_to Twitter.oauth_auth_url(session[:twitter_state]) - rescue OAuth::Unauthorized - flash[:error] = "Twitter says we're not authenticating properly, please message the admin" - return redirect_to "/settings" + def github_auth + session[:github_state] = SecureRandom.hex + redirect_to Github.oauth_auth_url(session[:github_state]), allow_other_host: true end - def twitter_callback - if session[:twitter_state].blank? || - (params[:state].to_s != session[:twitter_state].to_s) + def github_callback + if session[:github_state].blank? || + params[:code].blank? || + (params[:state].to_s != session[:github_state].to_s) flash[:error] = "Invalid OAuth state" - return redirect_to "/settings" + return redirect_to settings_path end - session.delete(:twitter_state) + session.delete(:github_state) - tok, sec, username = Twitter.token_secret_and_user_from_token_and_verifier( - params[:oauth_token], params[:oauth_verifier]) + tok, username = Github.token_and_user_from_code(params[:code]) if tok.present? && username.present? - @user.twitter_oauth_token = tok - @user.twitter_oauth_token_secret = sec - @user.twitter_username = username + @user.github_oauth_token = tok + @user.github_username = username @user.save! - flash[:success] = "Your account has been linked to Twitter user @#{username}." + flash[:success] = "Your account has been linked to GitHub user #{username}." else - return twitter_disconnect + return github_disconnect end - return redirect_to "/settings" + redirect_to settings_path end - def twitter_disconnect - @user.twitter_oauth_token = nil - @user.twitter_username = nil - @user.twitter_oauth_token_secret = nil + def github_disconnect + @user.github_oauth_token = nil + @user.github_username = nil @user.save! - flash[:success] = "Your Twitter association has been removed." - return redirect_to "/settings" + flash[:success] = "Your GitHub association has been removed." + redirect_to settings_path end -private + private def user_params params.require(:user).permit( :username, :email, :password, :password_confirmation, :homepage, :about, :email_replies, :email_messages, :email_mentions, :pushover_replies, :pushover_messages, :pushover_mentions, - :mailing_list_mode, :show_avatars, :show_story_previews, + :mailing_list_mode, :show_email, :show_avatars, :show_story_previews, :show_submitted_story_threads, :prefers_color_scheme ) end diff --git a/benchmarks/lobsters/app/controllers/signup_controller.rb b/benchmarks/lobsters/app/controllers/signup_controller.rb index 8b0b7d8d..68c1d009 100644 --- a/benchmarks/lobsters/app/controllers/signup_controller.rb +++ b/benchmarks/lobsters/app/controllers/signup_controller.rb @@ -1,5 +1,7 @@ +# typed: false + class SignupController < ApplicationController - before_action :require_logged_in_user, :check_new_users, :check_can_invite, :only => :invite + before_action :require_logged_in_user, :check_new_users, :check_can_invite, only: :invite before_action :check_for_read_only_mode, :show_title_h1 def index @@ -9,7 +11,7 @@ def index return redirect_to "/" end if Rails.application.open_signups? - redirect_to action: :invited, invitation_code: 'open' and return + redirect_to action: :invited, invitation_code: "open" and return end end @@ -27,7 +29,7 @@ def invited end if !Rails.application.open_signups? - if !(@invitation = Invitation.unused.where(:code => params[:invitation_code].to_s).first) + if !(@invitation = Invitation.unused.where(code: params[:invitation_code].to_s).first) flash[:error] = "Invalid or expired invitation" return redirect_to "/signup" end @@ -40,13 +42,11 @@ def invited if !Rails.application.open_signups? @new_user.email = @invitation.email end - - render :action => "invited" end def signup if !Rails.application.open_signups? - if !(@invitation = Invitation.unused.where(:code => params[:invitation_code].to_s).first) + if !(@invitation = Invitation.unused.where(code: params[:invitation_code].to_s).first) flash[:error] = "Invalid or expired invitation." return redirect_to "/signup" end @@ -61,40 +61,38 @@ def signup end if @new_user.save - if @invitation - @invitation.update(used_at: Time.current, new_user: @new_user) - end + @invitation&.update!(used_at: Time.current, new_user: @new_user) session[:u] = @new_user.session_token - flash[:success] = "Welcome to #{Rails.application.name}, " << - "#{@new_user.username}!" + flash[:success] = "Welcome to #{Rails.application.name}, " \ + "#{@new_user.username}!" if Rails.application.allow_new_users_to_invite? - return redirect_to signup_invite_path + redirect_to signup_invite_path else - return redirect_to root_path + redirect_to root_path end else - render :action => "invited" + render action: "invited" end end -private + private def check_new_users if !Rails.application.allow_new_users_to_invite? && @user.is_new? - redirect_to root_path, flash: { error: "New users cannot send invites" } + redirect_to root_path, flash: {error: "New users cannot send invites"} end end def check_can_invite if !@user.can_invite? - redirect_to root_path, flash: { error: "You can't send invites" } + redirect_to root_path, flash: {error: "You can't send invites"} end end def user_params params.require(:user).permit( - :username, :email, :password, :password_confirmation, :about, + :username, :email, :password, :password_confirmation, :about ) end end diff --git a/benchmarks/lobsters/app/controllers/stats_controller.rb b/benchmarks/lobsters/app/controllers/stats_controller.rb index 91729f1a..3f1ac3af 100644 --- a/benchmarks/lobsters/app/controllers/stats_controller.rb +++ b/benchmarks/lobsters/app/controllers/stats_controller.rb @@ -1,3 +1,5 @@ +# typed: false + class StatsController < ApplicationController FIRST_MONTH = Time.new(2012, 7, 3).utc.freeze TIMESCALE_DIVISIONS = "1 year".freeze @@ -7,52 +9,53 @@ def index @users_graph = monthly_graph("users_graph", { graph_title: "Users joining by month", - scale_y_divisions: 100, + scale_y_divisions: 100 }) { - User.group("strftime('%Y-%m', created_at)").count + User.group("date_format(created_at, '%Y-%m')").count.to_a.flatten } @active_users_graph = monthly_graph("active_users_graph", { graph_title: "Active users by month", - scale_y_divisions: 500, + scale_y_divisions: 500 }) { - User.connection.execute <<~SQL + User.connection.select_all(<<~SQL SELECT ym, count(distinct user_id) FROM ( - SELECT strftime('%Y-%m', created_at) as ym, user_id FROM stories + SELECT date_format(created_at, '%Y-%m') as ym, user_id FROM stories UNION - SELECT strftime('%Y-%m', updated_at) as ym, user_id FROM votes + SELECT date_format(updated_at, '%Y-%m') as ym, user_id FROM votes UNION - SELECT strftime('%Y-%m', created_at) as ym, user_id FROM comments + SELECT date_format(created_at, '%Y-%m') as ym, user_id FROM comments ) as active_users GROUP BY 1 ORDER BY 1 asc; SQL + ).to_a.map(&:values).flatten } @stories_graph = monthly_graph("stories_graph", { graph_title: "Stories submitted by month", - scale_y_divisions: 250, + scale_y_divisions: 250 }) { - Story.group("strftime('%Y-%m', created_at)").count + Story.group("date_format(created_at, '%Y-%m')").count.to_a.flatten } @comments_graph = monthly_graph("comments_graph", { graph_title: "Comments posted by month", - scale_y_divisions: 1_000, + scale_y_divisions: 1_000 }) { - Comment.group("strftime('%Y-%m', created_at)").count + Comment.group("date_format(created_at, '%Y-%m')").count.to_a.flatten } @votes_graph = monthly_graph("votes_graph", { graph_title: "Votes cast by month", - scale_y_divisions: 10_000, + scale_y_divisions: 10_000 }) { - Vote.group("strftime('%Y-%m', updated_at)").count + Vote.group("date_format(updated_at, '%Y-%m')").count.to_a.flatten } end -private + private def monthly_graph(cache_key, opts) Rails.cache.fetch(cache_key, expires_in: 1.day) { @@ -82,12 +85,12 @@ def monthly_graph(cache_key, opts) area_fill: false, min_y_value: 0, number_format: "%d", - show_lines: false, + show_lines: false } graph = TimeSeries.new(defaults.merge(opts)) graph.add_data( - data: yield.to_a.flatten, - template: "%Y-%m", + data: yield, + template: "%Y-%m" ) graph.burn_svg_only } diff --git a/benchmarks/lobsters/app/controllers/stories_controller.rb b/benchmarks/lobsters/app/controllers/stories_controller.rb index 05a4861f..3a803e72 100644 --- a/benchmarks/lobsters/app/controllers/stories_controller.rb +++ b/benchmarks/lobsters/app/controllers/stories_controller.rb @@ -1,15 +1,18 @@ +# typed: false + class StoriesController < ApplicationController + include StoryFinder + caches_page :show, if: CACHE_PAGE before_action :require_logged_in_user_or_400, - :only => [:upvote, :flag, :unvote, :hide, :unhide, :preview, :save, :unsave] + only: [:upvote, :flag, :unvote, :hide, :unhide, :preview, :save, :unsave] before_action :require_logged_in_user, - :only => [:destroy, :create, :edit, :fetch_url_attributes, :new, :suggest] - before_action :verify_user_can_submit_stories, :only => [:new, :create] - before_action :find_user_story, :only => [:destroy, :edit, :undelete, :update] - before_action :find_story!, :only => [:suggest, :submit_suggestions] + only: [:destroy, :create, :edit, :fetch_url_attributes, :new] + before_action :verify_user_can_submit_stories, only: [:new, :create] + before_action :find_user_story, only: [:destroy, :edit, :undelete, :update] around_action :track_story_reads, only: [:show], if: -> { @user.present? } - before_action :show_title_h1, only: [:new, :edit, :suggest] + before_action :show_title_h1, only: [:new, :edit] def create @title = "Submit Story" @@ -17,34 +20,43 @@ def create @story = Story.new(user: @user) @story.attributes = story_params - if @story.valid? && !(@story.already_posted_recently? && !@story.seen_previous) - if ActiveRecord::Base.transaction { @story.save } - ReadRibbon.where(user: @user, story: @story).first_or_create - return redirect_to @story.comments_path + if @story.is_resubmit? + @comment = @story.comments.new(user: @user) + @comment.comment = params[:comment] + @comment.hat = @user.wearable_hats.find_by(short_id: params[:hat_id]) + end + + if @story.valid? && + !@story.already_posted_recently? && + (!@story.is_resubmit? || @comment.valid?) + + Story.transaction do + if @story.save && (!@story.is_resubmit? || @comment.save) + ReadRibbon.where(user: @user, story: @story).first_or_create! + redirect_to @story.comments_path + else + raise ActiveRecord::Rollback + end end + return if @story.persisted? # can't return out of transaction block end - return render :action => "new" + render action: "new" end def destroy - if !@story.is_editable_by_user?(@user) + if !@story.is_editable_by_user?(@user) && !@user.is_moderator? flash[:error] = "You cannot edit that story." return redirect_to "/" end update_story_attributes - - if @story.user_id != @user.id && @user.is_moderator? && !@story.moderation_reason.present? - @story.errors.add(:moderation_reason, message: 'is required') - return render :action => "edit" - end - @story.is_deleted = true @story.editor = @user if @story.save Keystore.increment_value_for("user:#{@story.user.id}:stories_deleted") + Mastodon.delete_post(@story) end redirect_to @story.comments_path @@ -57,11 +69,6 @@ def edit end @title = "Edit Story" - - if @story.merged_into_story - @story.merge_story_short_id = @story.merged_into_story.short_id - User.update_counters @story.user_id, karma: (@story.votes.count * -2) - end end def fetch_url_attributes @@ -69,7 +76,7 @@ def fetch_url_attributes s.fetching_ip = request.remote_ip s.url = params[:fetch_url] - return render :json => s.fetched_attributes + render json: s.fetched_attributes end def new @@ -83,8 +90,8 @@ def new sattrs = @story.fetched_attributes if sattrs[:url].present? && @story.url != sattrs[:url] - flash.now[:notice] = "Note: URL has been changed to fetched " << - "canonicalized version" + flash.now[:notice] = "Note: URL has been changed to fetched " \ + "canonicalized version" @story.url = sattrs[:url] end @@ -95,9 +102,15 @@ def new return redirect_to @story.most_recent_similar.comments_path end + if @story.is_resubmit? + @comment = @story.comments.new(user: @user) + @comment.comment = params[:comment] + @comment.hat = @user.wearable_hats.find_by(short_id: params[:hat_id]) + end + # ignore what the user brought unless we need it as a fallback @story.title = sattrs[:title] - if !@story.title.present? && params[:title].present? + if @story.title.blank? && params[:title].present? @story.title = params[:title] end end @@ -108,14 +121,12 @@ def preview @story.user_id = @user.id @story.previewing = true - @story.vote = Vote.new(:vote => 1) + @story.current_vote = Vote.new(vote: 1) @story.score = 1 @story.valid? - @story.seen_previous = true - - return render :action => "new", :layout => false + render action: "new", layout: false end def show @@ -133,25 +144,27 @@ def show end end + # if asking with a title and it's been edited, 302 + if params[:title] && params[:title] != @story.title_as_url + return redirect_to(@story.comments_path) + end + if @story.is_gone? @moderation = Moderation .where(story: @story, comment: nil) .where("action LIKE '%deleted story%'") - .order('id desc') + .order("id desc") .first end if !@story.can_be_seen_by_user?(@user) respond_to do |format| - format.html { return render action: '_missing', status: 404 } + format.html { return render action: "_missing", status: 404, locals: {story: @story, moderation: @moderation} } format.json { raise ActiveRecord::RecordNotFound } end end - @comments = get_arranged_comments_from_cache(params[:id]) do - @story.merged_comments - .includes(:user, :story, :hat, :votes => :user) - .arrange_for_user(@user) - end + @user.try(:clear_unread_replies!) + @comments = Comment.story_threads(@story).for_presentation @title = @story.title @short_url = @story.short_id_url @@ -165,72 +178,26 @@ def show "twitter:site" => "@lobsters", "twitter:title" => @story.title, "twitter:description" => @story.comments_count.to_s + " " + - 'comment'.pluralize(@story.comments_count), + "comment".pluralize(@story.comments_count), "twitter:image" => Rails.application.root_url + - "apple-touch-icon-144.png", + "touch-icon-144.png" } - if @story.user.twitter_username.present? - @meta_tags["twitter:creator"] = "@" + @story.user.twitter_username + if @story.user.mastodon_username.present? + @meta_tags["twitter:creator"] = @story.user.mastodon_acct end load_user_votes - render :action => "show" + render action: "show" } format.json { - render :json => @story.as_json(:with_comments => @comments) + @comments = @comments.includes(:parent_comment) + render json: @story.as_json(with_comments: @comments) } end end - def suggest - @title = 'Suggest Story Changes' - if !@story.can_have_suggestions_from_user?(@user) - flash[:error] = "You are not allowed to offer suggestions on that story." - return redirect_to @story.comments_path - end - - if (suggested_tags = @story.suggested_taggings.where(:user_id => @user.id)).any? - @story.tags_a = suggested_tags.map {|st| st.tag.tag } - end - if (tt = @story.suggested_titles.where(:user_id => @user.id).first) - @story.title = tt.title - end - end - - def submit_suggestions - if !@story.can_have_suggestions_from_user?(@user) - flash[:error] = "You are not allowed to offer suggestions on that story." - return redirect_to @story.comments_path - end - - ostory = @story.dup - - @story.title = params[:story][:title] - if @story.valid? - dsug = false - if @story.title != ostory.title - @story.save_suggested_title_for_user!(@story.title, @user) - dsug = true - end - - sugtags = params[:story][:tags_a].reject {|t| t.to_s.strip == "" }.sort - if @story.tags_a.sort != sugtags - @story.save_suggested_tags_a_for_user!(sugtags, @user) - dsug = true - end - - if dsug - ostory = @story.reload - flash[:success] = "Your suggested changes have been noted." - end - redirect_to ostory.comments_path - else - render :action => "suggest" - end - end - def undelete if !(@story.is_editable_by_user?(@user) && @story.is_undeletable_by_user?(@user)) @@ -260,211 +227,193 @@ def update update_story_attributes if @story.save - return redirect_to @story.comments_path + redirect_to @story.comments_path else - return render :action => "edit" + render action: "edit" end end def unvote if !(story = find_story) || story.is_gone? - return render :plain => "can't find story", :status => 400 + return render plain: "can't find story", status: 400 end Vote.vote_thusly_on_story_or_comment_for_user_because( 0, story.id, nil, @user.id, nil ) - render :plain => "ok" + render plain: "ok" end def upvote if !(story = find_story) || story.is_gone? - return render :plain => "can't find story", :status => 400 + return render plain: "can't find story", status: 400 end if story.merged_into_story - return render :plain => "story has been merged", :status => 400 + return render plain: "story has been merged", status: 400 end Vote.vote_thusly_on_story_or_comment_for_user_because( 1, story.id, nil, @user.id, nil ) - render :plain => "ok" + render plain: "ok" end def flag if !(story = find_story) || story.is_gone? - return render :plain => "can't find story", :status => 400 + return render plain: "can't find story", status: 400 end if !Vote::STORY_REASONS[params[:reason]] - return render :plain => "invalid reason", :status => 400 + return render plain: "invalid reason", status: 400 end if !@user.can_flag?(story) - return render :plain => "not permitted to flag", :status => 400 + return render plain: "not permitted to flag", status: 400 end Vote.vote_thusly_on_story_or_comment_for_user_because( -1, story.id, nil, @user.id, params[:reason] ) - render :plain => "ok" + render plain: "ok" end def hide if !(story = find_story) - return render :plain => "can't find story", :status => 400 + return render plain: "can't find story", status: 400 end if story.merged_into_story - return render :plain => "story has been merged", :status => 400 + return render plain: "story has been merged", status: 400 end - HiddenStory.hide_story_for_user(story.id, @user.id) + HiddenStory.hide_story_for_user(story, @user) - render :plain => "ok" + render plain: "ok" end def unhide if !(story = find_story) - return render :plain => "can't find story", :status => 400 + return render plain: "can't find story", status: 400 end - HiddenStory.unhide_story_for_user(story.id, @user.id) + HiddenStory.unhide_story_for_user(story, @user) - render :plain => "ok" + render plain: "ok" end def save if !(story = find_story) - return render :plain => "can't find story", :status => 400 + return render plain: "can't find story", status: 400 end if story.merged_into_story - return render :plain => "story has been merged", :status => 400 + return render plain: "story has been merged", status: 400 end SavedStory.save_story_for_user(story.id, @user.id) - render :plain => "ok" + render plain: "ok" end def unsave if !(story = find_story) - return render :plain => "can't find story", :status => 400 + return render plain: "can't find story", status: 400 end - SavedStory.where(:user_id => @user.id, :story_id => story.id).delete_all + SavedStory.where(user_id: @user.id, story_id: story.id).delete_all - render :plain => "ok" + render plain: "ok" end def check_url_dupe - raise ActionController::ParameterMissing.new("No URL") unless story_params[:url].present? + raise ActionController::ParameterMissing.new("No URL") if story_params[:url].blank? @story = Story.new(user: @user) @story.attributes = story_params @story.already_posted_recently? respond_to do |format| + linking_comments = Link.recently_linked_from_comments(@story.url) format.html { - return render :partial => "stories/form_errors", :layout => false, - :content_type => "text/html", :locals => { :story => @story } + return render partial: "stories/form_errors", layout: false, + content_type: "text/html", locals: { + linking_comments: linking_comments, + story: @story + } } # json: https://github.com/lobsters/lobsters/pull/555 format.json { similar_stories = @story.public_similar_stories(@user).map(&:as_json) - - render :json => @story.as_json.merge(similar_stories: similar_stories) + render json: @story.as_json.merge(similar_stories: similar_stories) } end end -private - - def get_arranged_comments_from_cache(short_id, &block) - if Rails.env.development? || @user - yield - else - Rails.cache.fetch("story #{short_id}", expires_in: 60, &block) + def disown + if !((story = find_story) && story.disownable_by_user?(@user)) + return render plain: "can't find story", status: 400 end - end - def story_params - p = params.require(:story).permit( - :title, :url, :description, :moderation_reason, :seen_previous, - :merge_story_short_id, :is_unavailable, :user_is_author, :user_is_following, - :tags_a => [], - ) + InactiveUser.disown! story - if @user && @user.is_moderator? - p - else - p.except(:moderation_reason, :merge_story_short_id, :is_unavailable) - end - end + if request.xhr? + @story = find_story + @comments = Comment.story_threads(@story).for_presentation - def update_story_attributes - if @story.url_is_editable_by_user?(@user) - @story.attributes = story_params + load_user_votes + + render partial: "listdetail", layout: false, content_type: "text/html", locals: {story: @story, single_story: true} else - @story.attributes = story_params.except(:url) + redirect_to story.short_id_path end end - def find_story - story = Story.find_by(:short_id => params[:story_id]) - if @user && story - story.vote = Vote.find_by( - user: @user, - story: story.id, - comment: nil - ).try(:vote) - end + private - story + def story_params + params.require(:story).permit(:title, :url, :description, :user_is_author, :user_is_following, tags_a: []) end - def find_story! - @story = find_story - if !@story - raise ActiveRecord::RecordNotFound + def update_story_attributes + @story.attributes = if @story.url_is_editable_by_user?(@user) + story_params + else + story_params.except(:url) end end def find_user_story - if @user.is_moderator? - @story = Story.where(:short_id => params[:story_id] || params[:id]).first + @story = if @user.is_moderator? + Story.where(short_id: params[:story_id] || params[:id]).first else - @story = Story.where(:user_id => @user.id, :short_id => - (params[:story_id] || params[:id])).first + Story.where(user_id: @user.id, short_id: params[:story_id] || params[:id]).first end if !@story - flash[:error] = "Could not find story or you are not authorized " << - "to manage it." + flash[:error] = "Could not find story or you are not authorized " \ + "to manage it." redirect_to "/" - return false + false end end def load_user_votes if @user - if (v = Vote.where(:user_id => @user.id, :story_id => @story.id, :comment_id => nil).first) - @story.vote = { :vote => v.vote, :reason => v.reason } - end + @story.current_vote = Vote.find_by(user: @user, story: @story, comment: nil) @story.is_hidden_by_cur_user = @story.is_hidden_by_user?(@user) @story.is_saved_by_cur_user = @story.is_saved_by_user?(@user) @votes = Vote.comment_votes_by_user_for_story_hash( - @user.id, (@story.merged_stories.ids).push(@story.id)) + @user.id, @story.merged_stories.ids.push(@story.id) + ) + vote_summaries = Vote.comment_vote_summaries(@comments.map(&:id)) @comments.each do |c| - if @votes[c.id] - c.current_vote = @votes[c.id] - end + c.current_vote = @votes[c.id] + c.vote_summary = vote_summaries[c.id] end end end @@ -472,13 +421,13 @@ def load_user_votes def verify_user_can_submit_stories if !@user.can_submit_stories? flash[:error] = "You are not allowed to submit new stories." - return redirect_to "/" + redirect_to "/" end end def track_story_reads @story = Story.where(short_id: params[:id]).first! - @ribbon = ReadRibbon.where(user: @user, story: @story).first_or_create + @ribbon = ReadRibbon.where(user: @user, story: @story).first_or_initialize yield @ribbon.bump end diff --git a/benchmarks/lobsters/app/controllers/story_urls_controller.rb b/benchmarks/lobsters/app/controllers/story_urls_controller.rb new file mode 100644 index 00000000..96024a26 --- /dev/null +++ b/benchmarks/lobsters/app/controllers/story_urls_controller.rb @@ -0,0 +1,26 @@ +# typed: false + +class StoryUrlsController < ApplicationController + def all + url = params.require(:url) + + respond_to do |format| + format.json { + render json: Story.find_similar_by_url(url).for_presentation + } + end + end + + def latest + url = params.require(:url) + + similar_stories = Story.find_similar_by_url(url) + if similar_stories.any? + redirect_to similar_stories.first.comments_path + elsif @user + redirect_to new_story_path, url: url + else + raise ActiveRecord::RecordNotFound + end + end +end diff --git a/benchmarks/lobsters/app/controllers/suggestions_controller.rb b/benchmarks/lobsters/app/controllers/suggestions_controller.rb new file mode 100644 index 00000000..691c7f81 --- /dev/null +++ b/benchmarks/lobsters/app/controllers/suggestions_controller.rb @@ -0,0 +1,79 @@ +class SuggestionsController < ApplicationController + include StoryFinder + + before_action :find_story!, only: [:new, :create] + before_action :require_logged_in_user, only: [:new] + before_action :show_title_h1, only: [:new] + + def create + if !@story.can_have_suggestions_from_user?(@user) + flash[:error] = "You are not allowed to offer suggestions on that story." + return redirect_to @story.comments_path + end + + story_user = @story.user + inappropriate_tags = Tag + .where(tag: params[:story][:tags_a].reject { |t| t.to_s.blank? }) + .reject { |t| t.can_be_applied_by?(story_user) } + if inappropriate_tags.length > 0 + tag_error = "" + inappropriate_tags.each do |t| + tag_error += if t.privileged? + "User #{story_user.username} cannot apply tag #{t.tag} as they are not a " \ + "moderator so it has been removed from your suggestion.\n" + elsif !t.permit_by_new_users? + "User #{story_user.username} cannot apply tag #{t.tag} due to being a new " \ + "user so it has been removed from your suggestion.\n" + else + "User #{story_user.username} cannot apply tag #{t.tag} " \ + "so it has been removed from your suggestion.\n" + end + end + tag_error += "" + flash[:error] = tag_error + end + + ostory = @story.dup + + @story.title = params[:story][:title] + if @story.valid? + dsug = false + if @story.title != ostory.title + @story.save_suggested_title_for_user!(@story.title, @user) + dsug = true + end + + sugtags = Tag + .where(tag: params[:story][:tags_a].reject { |t| t.to_s.strip.blank? }) + .reject { |t| !t.can_be_applied_by?(story_user) } + .map { |s| s.tag } + if @story.tags_a.sort != sugtags.sort + @story.save_suggested_tags_a_for_user!(sugtags, @user) + dsug = true + end + + if dsug + ostory = @story.reload + flash[:success] = "Your suggested changes have been noted." + end + redirect_to ostory.comments_path + else + render action: "suggest" + end + end + + def new + @title = "Suggest Story Changes" + if !@story.can_have_suggestions_from_user?(@user) + flash[:error] = "You are not allowed to offer suggestions on that story." + return redirect_to @story.comments_path + end + + if (suggested_tags = @story.suggested_taggings.where(user_id: @user.id)).any? + @story.tags_a = suggested_tags.map { |st| st.tag.tag } + end + if (tt = @story.suggested_titles.where(user_id: @user.id).first) + @story.title = tt.title + end + end +end diff --git a/benchmarks/lobsters/app/controllers/tags_controller.rb b/benchmarks/lobsters/app/controllers/tags_controller.rb index e0587d76..76a4d581 100644 --- a/benchmarks/lobsters/app/controllers/tags_controller.rb +++ b/benchmarks/lobsters/app/controllers/tags_controller.rb @@ -1,3 +1,5 @@ +# typed: false + class TagsController < ApplicationController before_action :require_logged_in_admin, except: [:index] before_action :show_title_h1, only: [:new, :edit] @@ -5,18 +7,18 @@ class TagsController < ApplicationController def index @title = "Tags" - @categories = Category.all.order('category asc').includes(:tags) + @categories = Category.all.order("category asc").includes(:tags) @tags = Tag.all - if @user - @filtered_tags = @user.tag_filter_tags.index_by(&:id) + @filtered_tags = if @user + @user.tag_filter_tags.index_by(&:id) else - @filtered_tags = tags_filtered_by_cookie.index_by(&:id) + tags_filtered_by_cookie.index_by(&:id) end respond_to do |format| - format.html { render :action => "index" } - format.json { render :json => @tags } + format.html { render action: "index" } + format.json { render json: @tags } end end @@ -26,34 +28,34 @@ def new end def create - @title = 'Create Tag' + @title = "Create Tag" tag = Tag.create(tag_params) - if tag.valid? + if tag.persisted? flash[:success] = "Tag #{tag.tag} has been created" redirect_to tags_path else - flash[:error] = "New tag not created: #{tag.errors.full_messages.join(', ')}" + flash[:error] = "New tag not created: #{tag.errors.full_messages.join(", ")}" redirect_to new_tag_path end end def edit - @tag = Tag.where(:tag => params[:tag_name]).first! + @tag = Tag.where(tag: params[:tag_name]).first! @title = "Edit Tag" end def update - tag = Tag.where(:tag => params[:tag_name]).first! + tag = Tag.where(tag: params[:tag_name]).first! if tag.update(tag_params) flash[:success] = "Tag #{tag.tag} has been updated" redirect_to tags_path else - flash[:error] = "Tag not updated: #{tag.errors.full_messages.join(', ')}" + flash[:error] = "Tag not updated: #{tag.errors.full_messages.join(", ")}" redirect_to edit_tag_path end end -private + private def tag_params params.require(:tag).permit( @@ -65,7 +67,7 @@ def tag_params :privileged, :is_media, :active, - :hotness_mod, + :hotness_mod ).merge(edit_user_id: @user.id) end end diff --git a/benchmarks/lobsters/app/controllers/users_controller.rb b/benchmarks/lobsters/app/controllers/users_controller.rb index 56e16f38..31c64091 100644 --- a/benchmarks/lobsters/app/controllers/users_controller.rb +++ b/benchmarks/lobsters/app/controllers/users_controller.rb @@ -1,8 +1,9 @@ +# typed: false + class UsersController < ApplicationController - before_action :load_showing_user, :only => [:show, :standing] - before_action :require_logged_in_moderator, - :only => [:enable_invitation, :disable_invitation, :ban, :unban] - before_action :flag_warning, only: [:show] + before_action :load_showing_user, only: [:show, :standing] + before_action :require_logged_in_admin, + only: [:enable_invitation, :disable_invitation, :ban, :unban] before_action :require_logged_in_user, only: [:standing] before_action :only_user_or_moderator, only: [:standing] before_action :show_title_h1, only: [:show] @@ -21,8 +22,8 @@ def show end respond_to do |format| - format.html { render :action => "show" } - format.json { render :json => @showing_user } + format.html { render action: "show" } + format.json { render json: @showing_user } end end @@ -31,41 +32,38 @@ def tree newest_user = User.last.id # pulling 10k+ users is significant enough memory pressure this is worthwhile - attrs = %w{banned_at created_at deleted_at id invited_by_user_id is_admin is_moderator karma - username} + attrs = %w[banned_at created_at deleted_at id invited_by_user_id is_admin is_moderator karma + username] if params[:by].to_s == "karma" - content = Rails.cache.fetch("users_by_karma_#{newest_user}", :expires_in => (60 * 60 * 24)) { + content = Rails.cache.fetch("users_by_karma_#{newest_user}", expires_in: (60 * 60 * 24)) { @users = User.select(*attrs).order("karma DESC, id ASC").to_a @user_count = @users.length @title << " By Karma" - render_to_string :action => "list", :layout => nil + render_to_string action: "list", layout: nil } - render :html => content.html_safe, :layout => "application" + render html: content.html_safe, layout: "application" elsif params[:moderators] @users = User.select(*attrs).where("is_admin = ? OR is_moderator = ?", true, true) .order("id ASC").to_a @user_count = @users.length @title = "Moderators and Administrators" - render :action => "list" + render action: "list" else - content = Rails.cache.fetch("users_tree_#{newest_user}", :expires_in => (60 * 60 * 24)) { + # Mod::ReparentsController#create knows this key + content = Rails.cache.fetch("users_tree_#{newest_user}", expires_in: 12.hours) { users = User.select(*attrs).order("id DESC").to_a @user_count = users.length @users_by_parent = users.group_by(&:invited_by_user_id) @newest = User.select(*attrs).order("id DESC").limit(10) - render_to_string :action => "tree", :layout => nil + render_to_string action: "tree", layout: nil } - render :html => content.html_safe, :layout => "application" + render html: content.html_safe, layout: "application" end end - def invite - @title = "Pass Along an Invitation" - end - def disable_invitation - target = User.where(:username => params[:username]).first + target = User.where(username: params[:username]).first if !target flash[:error] = "Invalid user." redirect_to "/" @@ -73,12 +71,12 @@ def disable_invitation target.disable_invite_by_user_for_reason!(@user, params[:reason]) flash[:success] = "User has had invite capability disabled." - redirect_to user_path(:user => target.username) + redirect_to user_path(user: target.username) end end def enable_invitation - target = User.where(:username => params[:username]).first + target = User.where(username: params[:username]).first if !target flash[:error] = "Invalid user." redirect_to "/" @@ -86,30 +84,30 @@ def enable_invitation target.enable_invite_by_user!(@user) flash[:success] = "User has had invite capability enabled." - redirect_to user_path(:user => target.username) + redirect_to user_path(user: target.username) end end def ban - buser = User.where(:username => params[:username]).first + buser = User.where(username: params[:username]).first if !buser flash[:error] = "Invalid user." return redirect_to "/" end - if !params[:reason].present? + if params[:reason].blank? flash[:error] = "You must give a reason for the ban." - return redirect_to user_path(:user => buser.username) + return redirect_to user_path(user: buser.username) end buser.ban_by_user_for_reason!(@user, params[:reason]) flash[:success] = "User has been banned." - return redirect_to user_path(:user => buser.username) + redirect_to user_path(user: buser.username) end def unban - buser = User.where(:username => params[:username]).first + buser = User.where(username: params[:username]).first if !buser flash[:error] = "Invalid user." return redirect_to "/" @@ -118,15 +116,14 @@ def unban buser.unban_by_user!(@user, params[:reason]) flash[:success] = "User has been unbanned." - return redirect_to user_path(:user => buser.username) + redirect_to user_path(user: buser.username) end def standing - flag_warning - int = @flag_warning_int + @interval = time_interval("1m") - fc = FlaggedCommenters.new(int[:param], 1.day) - @fc_flagged = fc.commenters.map {|_, c| c[:n_flags] }.sort + fc = FlaggedCommenters.new(@interval[:param], 1.day) + @fc_flagged = fc.commenters.map { |_, c| c[:n_flags] }.sort @flagged_user_stats = fc.check_list_for(@showing_user) rows = ActiveRecord::Base.connection.exec_query(" @@ -138,25 +135,25 @@ def standing from comments where - comments.created_at >= now() - interval #{int[:dur]} #{int[:intv]} + comments.created_at >= now() - interval #{@interval[:dur]} #{@interval[:intv]} group by comments.user_id) count_by_user group by 1 order by 1 asc; ").rows users = Array.new(@fc_flagged.last.to_i + 1, 0) - rows.each {|r| users[r.first] = r.last } + rows.each { |r| users[r.first] = r.last } @lookup = rows.to_h @flagged_comments = @showing_user.comments .where(" comments.flags > 0 and - comments.created_at >= now() - interval #{int[:dur]} #{int[:intv]}") + comments.created_at >= now() - interval #{@interval[:dur]} #{@interval[:intv]}") .order("id DESC") - .includes(:user, :hat, :story => :user) + .includes(:user, :hat, story: :user) .joins(:story) end -private + private def load_showing_user # case-insensitive search by username @@ -171,7 +168,7 @@ def load_showing_user # now a case-sensitive check if params[:username] != @showing_user.username redirect_to username: @showing_user.username - return false + false end end diff --git a/benchmarks/lobsters/app/helpers/application_helper.rb b/benchmarks/lobsters/app/helpers/application_helper.rb index cfcbd8f2..ff1278de 100644 --- a/benchmarks/lobsters/app/helpers/application_helper.rb +++ b/benchmarks/lobsters/app/helpers/application_helper.rb @@ -1,3 +1,5 @@ +# typed: false + module ApplicationHelper include TimeAgoInWords @@ -6,25 +8,30 @@ module ApplicationHelper def avatar_img(user, size) image_tag( user.avatar_path(size), - :srcset => "#{user.avatar_path(size)} 1x, #{user.avatar_path(size * 2)} 2x", - :class => "avatar", - :size => "#{size}x#{size}", - :alt => "#{user.username} avatar", - :loading => "lazy", - :decoding => "async", + srcset: "#{user.avatar_path(size)} 1x, #{user.avatar_path(size * 2)} 2x", + class: "avatar", + size: "#{size}x#{size}", + alt: "#{user.username} avatar", + loading: "lazy", + decoding: "async" ) end def errors_for(object) - html = "" + html = +"" unless object.errors.blank? html << "There were the problems with the following fields:
" html << "
Tip: read stories across multiple categories with /categories/foo,bar